CVE-2008-6988

ezphotogallery 2.1 - Cross-Site Scripting via galleryid, size, or imageid Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6988. PoCs published by Khashayar Fereidani.

AI-analyzed exploit summary This Perl script exploits multiple vulnerabilities in Ezphotogallery 2.1, including SQL injection for credential extraction and file disclosure. It demonstrates functional exploit code for CVE-2008-6988.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Easy Photo Gallery (aka Ezphotogallery) 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) galleryid parameter to gallery.php, and the (2) size or (3) imageid parameters to show.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Khashayar Fereidani · perlwebappsphp

https://www.exploit-db.com/exploits/6428

View Code ZIP pw:eip

This Perl script exploits multiple vulnerabilities in Ezphotogallery 2.1, including SQL injection for credential extraction and file disclosure. It demonstrates functional exploit code for CVE-2008-6988.

Classification

Working Poc 95%

Attack Type

Sqli | Info Leak | Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Ezphotogallery 2.1

No auth needed

Prerequisites: Target URL with vulnerable Ezphotogallery installation

MITRE ATT&CK