CVE-2008-6626

WEBBDOMAIN Quiz <= 1.02 - SQL Injection via Username Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6626. PoCs published by Hakxer.

AI-analyzed exploit summary This exploit demonstrates an SQL injection-based authentication bypass in the WEBBDOMAIN Quiz application. The payload manipulates the login query to bypass authentication by injecting a tautology ('1=1') into the username field.

Description

SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Hakxer · textwebappsphp
https://www.exploit-db.com/exploits/6985

This exploit demonstrates an SQL injection-based authentication bypass in the WEBBDOMAIN Quiz application. The payload manipulates the login query to bypass authentication by injecting a tautology ('1=1') into the username field.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: WEBBDOMAIN Quiz (version unspecified)
No auth needed
Prerequisites: Access to the login page of the vulnerable application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32108
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32508
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6985
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46358
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/49761

Scores

EPSS 0.0100
EPSS Percentile 58.3%

Details

CWE
CWE-89
Status published
Products (3)
webbdomain/quiz 1.0
webbdomain/quiz 1.01
webbdomain/quiz < 1.02
Published Apr 06, 2009
Tracked Since Feb 18, 2026