CVE-2008-3355

Camera Life 2.6.2 - SQL Injection via id Parameter in sitemap.xml.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3355. PoCs published by nuclear.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Camera Life 2.6.2, allowing an attacker to extract user credentials via a crafted URL parameter. The PoC uses a UNION-based SQLi to concatenate and retrieve username and password fields from the 'users' table.

Description

SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by nuclear · textwebappsphp

https://www.exploit-db.com/exploits/6132

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in Camera Life 2.6.2, allowing an attacker to extract user credentials via a crafted URL parameter. The PoC uses a UNION-based SQLi to concatenate and retrieve username and password fields from the 'users' table.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Camera Life 2.6.2

No auth needed

Prerequisites: Target application must be running Camera Life 2.6.2 · The 'sitemap.xml.php' endpoint must be accessible

MITRE ATT&CK