Pentester Lab: CVE-2012-2661: ActiveRecord SQL injection

  • Name: Pentester Lab: CVE-2012-2661: ActiveRecord SQL injection
  • Date release: 12 Jun 2012

Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to us. Before you download, please read our FAQs sections dealing with the dangers of running unknown VMs and our suggestions for "protecting yourself and your network. If you understand the risks, please download!


(Size: 330 MB)


(Size: 332 MB)




This exercise explains how you can exploit CVE-2012-2661 to retrieve information from a database.

What you will learn?

  • Exploiting CVE-2012-2661
  • Time based SQL injections

  • Filename: cve-2012-2661_i386.iso
  • File size: 330 MB
  • MD5: 45F7408ED83F5C152CEE983134C2343E
  • SHA1: 4C4DA9968C1D4C07A462CD1AF48EC350B9B87A57

  • Filename: _cve-2012-2661.iso
  • File size: 332 MB
  • MD5: A5BD831460A221867CCA8489D47C9D45
  • SHA1: 452A43B6A6E9462A0E11DFB7A5D623942413457B

  • Format: Disk Image (.ISO)
  • Operating System: Linux

  • DHCP service: Enabled
  • IP address: Automatically assign