CVE-2008-6977

aspWebAlbum 3.2 - Cross-Site Scripting via Album Summary Message Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-6977. PoCs published by e.wiZz!, Alemin_Krali.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in aspWebAlbum 3.2, including arbitrary file upload, admin bypass via SQL injection, and XSS. It provides clear URLs and parameters for exploitation.

Description

Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action.

Exploits (2)

exploitdb WORKING POC VERIFIED

by e.wiZz! · textwebappsasp

https://www.exploit-db.com/exploits/6420

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in aspWebAlbum 3.2, including arbitrary file upload, admin bypass via SQL injection, and XSS. It provides clear URLs and parameters for exploitation.

Classification

Working Poc 90%

Attack Type

Rce | Sqli | Xss | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: aspWebAlbum 3.2

No auth needed

Prerequisites: Access to the target web application · Knowledge of category names for file upload

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Alemin_Krali · textwebappsphp

https://www.exploit-db.com/exploits/6357

View Code ZIP pw:eip

This is a writeup detailing multiple vulnerabilities in aspWebAlbum 3.2, including arbitrary file upload, admin bypass, and XSS. It provides URLs and parameters for exploitation but does not include functional exploit code.

Classification

Writeup 90%