CVE-2005-2048

Exploitation Summary

EIP tracks 4 public exploits for CVE-2005-2048. PoCs published by Dedi Dwianto.

AI-analyzed exploit summary This is a vulnerability writeup describing SQL injection flaws in DUforum's admin/userEdit.asp page. It lacks executable exploit code but provides a proof-of-concept URL pattern for exploitation.

Description

Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp. NOTE: vectors 1 and 3 were later reported to affect version 3.0.

Exploits (4)

exploitdb WRITEUP VERIFIED

by Dedi Dwianto · textwebappsasp

https://www.exploit-db.com/exploits/25871

View Code ZIP pw:eip

This is a vulnerability writeup describing SQL injection flaws in DUforum's admin/userEdit.asp page. It lacks executable exploit code but provides a proof-of-concept URL pattern for exploitation.

Classification

Writeup 80%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: DUforum (version unspecified)

Auth required

Prerequisites: Access to the admin/userEdit.asp page · Valid session or authentication bypass

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Dedi Dwianto · textwebappsasp

https://www.exploit-db.com/exploits/25869

View Code ZIP pw:eip

The provided text describes a SQL injection vulnerability in DUforum, where the 'iFor' parameter in 'post.asp' is not properly sanitized. It references a SecurityFocus BID but lacks actual exploit code or technical details.

Classification

Writeup 80%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: DUforum (version unspecified)

No auth needed

Prerequisites: Access to the vulnerable DUforum instance

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Dedi Dwianto · textwebappsasp

https://www.exploit-db.com/exploits/25868

View Code ZIP pw:eip

The provided text describes a SQL injection vulnerability in DUforum, where the 'iMsg' parameter in 'messages.asp' is not properly sanitized. It includes an example URL demonstrating the vulnerability but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: DUforum (version not specified)

No auth needed

Prerequisites: Access to the vulnerable DUforum application

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Dedi Dwianto · textwebappsasp

https://www.exploit-db.com/exploits/25870

View Code ZIP pw:eip

This is a vulnerability writeup describing SQL injection flaws in DUforum. It provides a high-level overview of the issue and a sample exploit URL but lacks executable PoC code.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: DUforum (version not specified)

No auth needed

Prerequisites: Access to the DUforum application

MITRE ATT&CK