Exploitation Summary
EIP tracks 1 public exploit for CVE-2004-2551. PoCs published by Noam Rathaus.
AI-analyzed exploit summary The provided text describes SQL injection vulnerabilities in HelpBox 3.0.1, specifically in the 'editcommentenduser.asp' script, due to improper sanitization of user-supplied input. It outlines potential impacts such as unauthorized data access or manipulation.
Description
Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the sys_comment_id parameter in editcommentenduser.asp, (2) the sys_suspend_id parameter in editsuspensionuser.asp, (3) the table parameter in export_data.asp, (4) the sys_analgroup parameter in manageanalgrouppreference.asp, (5) the sys_asset_id parameter in quickinfoassetrequests.asp, (6) the sys_eusername parameter in quickinfoenduserrequests.asp, and the sys_request_id parameter in (7) requestauditlog.asp, (8) requestcommentsenduser.asp, (9) selectrequestapplytemplate.asp, and (10) selectrequestlink.asp, resulting in an ability to create a new HelpBox user account and read, modify, or delete data from the backend database.
Exploits (1)
The provided text describes SQL injection vulnerabilities in HelpBox 3.0.1, specifically in the 'editcommentenduser.asp' script, due to improper sanitization of user-supplied input. It outlines potential impacts such as unauthorized data access or manipulation.