CVE-2008-1426

KAPhotoservice - SQL Injection via album.asp albumid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1426. PoCs published by JosS.

AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in KAPhotoservice's album.asp by injecting malicious SQL queries to extract database information such as db_name, system_user, servername, and version. It automates the exploitation process by iterating through predefined SQL injection payloads.

Description

SQL injection vulnerability in album.asp in KAPhotoservice allows remote attackers to execute arbitrary SQL commands via the albumid parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by JosS · textwebappsasp

https://www.exploit-db.com/exploits/5274

View Code ZIP pw:eip

This Perl script exploits a SQL injection vulnerability in KAPhotoservice's album.asp by injecting malicious SQL queries to extract database information such as db_name, system_user, servername, and version. It automates the exploitation process by iterating through predefined SQL injection payloads.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: KAPhotoservice (album.asp)

No auth needed

Prerequisites: Target URL with vulnerable album.asp endpoint

MITRE ATT&CK