CVE-2009-2892

EIP tracks 1 public exploit for CVE-2009-2892. PoCs published by Coksnuss.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in Scripteen Free Image Hosting Script v2.3 by manipulating unfiltered cookie values (`cookid` and `cookgid`) to extract the admin password hash. It requires valid user credentials to generate a session cookie.

Multiple SQL injection vulnerabilities in header.php in Scripteen Free Image Hosting Script 2.3 allow remote attackers to execute arbitrary SQL commands via a (1) cookid or (2) cookgid cookie.