CVE-2008-3754

YourFreeWorld Stylish Text Ads Script - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3754. PoCs published by Charalambous Glafkos.

AI-analyzed exploit summary This exploit demonstrates an information disclosure vulnerability in Folder Lock <= 5.9.5 by extracting and decrypting the stored password from the Windows registry. The password is stored in an insecure manner and can be decrypted using a combination of ROT-25 and string reversal.

Description

SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Charalambous Glafkos · webappsphp

https://www.exploit-db.com/exploits/32281

View Code ZIP pw:eip

This exploit demonstrates an information disclosure vulnerability in Folder Lock <= 5.9.5 by extracting and decrypting the stored password from the Windows registry. The password is stored in an insecure manner and can be decrypted using a combination of ROT-25 and string reversal.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Folder Lock <= 5.9.5

No auth needed

Prerequisites: Local access to the target system · Registry access to HKEY_CURRENT_USER\Software\Microsoft\Windows\QualityControl

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/30766

Exploit x_refsource_misc

http://www.packetstormsecurity.org/0808-exploits/stylishtextads-sql.txt

Scores

EPSS 0.0095

EPSS Percentile 56.6%

Details

CWE

CWE-89

Status published

Products (1)

yourfreeworld/stylish_text_ads_script

Published Aug 21, 2008

Tracked Since Feb 18, 2026