Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-4627. PoCs published by Five-Three-Nine.
AI-analyzed exploit summary
This exploit leverages a blind SQL injection vulnerability in rGallery 1.09 by manipulating the 'itemID' parameter to extract user password hashes from the database. It iterates through possible ASCII values to reconstruct the hash character by character.
Description
SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Burning Board (WBB) allows remote attackers to execute arbitrary SQL commands via the itemID parameter in the RGalleryImageWrapper page in index.php.