CVE-2008-6366

Ad Server Solutions Affiliate Software Java 4.0 - SQL Injection via Logon.jsp Parameters

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-6366. PoCs published by 3d D3v!L, R3d-D3V!L.

AI-analyzed exploit summary The exploit demonstrates SQL injection in Ad Server Solutions products by providing crafted username and password inputs that bypass authentication. It leverages improper sanitization of user-supplied data in SQL queries.

Description

SQL injection vulnerability in logon.jsp in Ad Server Solutions Affiliate Software Java 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, possibly related to the uname and pass parameters to logon_process.jsp. NOTE: some of these details are obtained from third party information.

Exploits (2)

exploitdb WORKING POC VERIFIED

by 3d D3v!L · textwebappsjsp

https://www.exploit-db.com/exploits/32655

View Code ZIP pw:eip

The exploit demonstrates SQL injection in Ad Server Solutions products by providing crafted username and password inputs that bypass authentication. It leverages improper sanitization of user-supplied data in SQL queries.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Ad Server Solutions (Ad Management Software, Affiliate Software)

No auth needed

Prerequisites: Access to the login interface of the vulnerable application

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →