CVE-2008-5650

AlstraSoft Web Host Directory - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-5650. PoCs published by G4N0K, ZoRLu.

AI-analyzed exploit summary This writeup details multiple vulnerabilities in AlstraSoft Web Host Directory v1.2, including insecure cookie handling for authentication bypass, arbitrary database backup, and SQL injection for authentication bypass. It provides proof-of-concept steps and live demo credentials.

Description

SQL injection vulnerability in the login directory in AlstraSoft Web Host Directory allows remote attackers to execute arbitrary SQL commands via the pwd parameter.

Exploits (2)

exploitdb WRITEUP VERIFIED

by G4N0K · textwebappsphp

https://www.exploit-db.com/exploits/7116

View Code ZIP pw:eip

This writeup details multiple vulnerabilities in AlstraSoft Web Host Directory v1.2, including insecure cookie handling for authentication bypass, arbitrary database backup, and SQL injection for authentication bypass. It provides proof-of-concept steps and live demo credentials.

Classification

Writeup 90%

Attack Type

Auth Bypass | Sqli | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: AlstraSoft Web Host Directory v1.2

No auth needed

Prerequisites: access to the target application · valid username for SQLi bypass

MITRE ATT&CK

T1189 - Drive-by Compromise T1552 - Unsecured Credentials T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/7103

View Code ZIP pw:eip

This exploit demonstrates an SQL injection authentication bypass in AlstraSoft Web Host Directory. The payload ' or ' 1=1-- bypasses login by manipulating the SQL query to always return true.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: AlstraSoft Web Host Directory

No auth needed

Prerequisites: access to the login page of the vulnerable application

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46592

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32660

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/4771

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/32298

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7103

Scores

EPSS 0.0105

EPSS Percentile 59.8%

Details

CWE

CWE-89

Status published

Products (1)

alstrasoft/webhost_directory _nil_

Published Dec 17, 2008

Tracked Since Feb 18, 2026