CVE-2009-1032

YABSoft Advanced Image Hosting Script 2.3 - SQL Injection via Gallery List gal Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1032. PoCs published by boom3rang.

AI-analyzed exploit summary This exploit demonstrates a blind SQL injection vulnerability in Advanced Image Hosting (AIH) v2.3. It uses time-based techniques to extract admin credentials from the database by manipulating the 'gal' parameter in the gallery_list.php script.

Description

SQL injection vulnerability in gallery_list.php in YABSoft Advanced Image Hosting (AIH) Script 2.3 allows remote attackers to execute arbitrary SQL commands via the gal parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by boom3rang · textwebappsphp

https://www.exploit-db.com/exploits/8238

View Code ZIP pw:eip

This exploit demonstrates a blind SQL injection vulnerability in Advanced Image Hosting (AIH) v2.3. It uses time-based techniques to extract admin credentials from the database by manipulating the 'gal' parameter in the gallery_list.php script.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Advanced Image Hosting (AIH) v2.3

No auth needed

Prerequisites: Target running Advanced Image Hosting (AIH) v2.3 · Access to the gallery_list.php script

MITRE ATT&CK