CVE-2008-6965

AJ Square AJ Auction - Unauthenticated Authentication Bypass via Direct Script Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6965. PoCs published by G4N0K.

AI-analyzed exploit summary This is a writeup detailing an authentication bypass vulnerability in AJ Auction software. It lists affected versions and paths to exploit the vulnerability, but does not include functional exploit code.

Description

AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3) mail.php, (4) fee_setting.php, (5) earnings.php, (6) insertion_fee_settings.php, (7) custom_category.php, (8) subcategory.php, (9) category.php, (10) report.php, (11) store_manager.php, and (12) choose_sell_format.php in admin/, and possibly other vectors.

Exploits (1)

exploitdb WRITEUP VERIFIED
by G4N0K · textwebappsphp
https://www.exploit-db.com/exploits/7087

This is a writeup detailing an authentication bypass vulnerability in AJ Auction software. It lists affected versions and paths to exploit the vulnerability, but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: AJ Auction (various versions including Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0)
No auth needed
Prerequisites: Access to the target admin panel URLs
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46528
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7087
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32243

Scores

EPSS 0.0257
EPSS Percentile 83.2%

Details

CWE
CWE-287
Status published
Products (4)
aj_square/aj_auction
aj_square/aj_auction 1.0
aj_square/aj_auction 2.0
aj_square/aj_auction web_2.0
Published Aug 13, 2009
Tracked Since Feb 18, 2026