CVE-2005-2323

Class-1 Forum 0.23.2-0.24.4 - SQL Injection via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2323. PoCs published by basher13.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in phpMyFamily, specifically in the 'people.php' script. It extracts admin credentials by injecting a UNION-based SQL query to retrieve the username and password hash from the 'family_users' table.

Description

Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the (1) id parameter to viewattach.php, (2) viewuser_id parameter to users.php, or the (3) id or (4) forum parameter to viewforum.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by basher13 · perlwebappsphp

https://www.exploit-db.com/exploits/1208

View Code ZIP pw:eip

This exploit targets a SQL injection vulnerability in phpMyFamily, specifically in the 'people.php' script. It extracts admin credentials by injecting a UNION-based SQL query to retrieve the username and password hash from the 'family_users' table.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: phpMyFamily (version not specified)

No auth needed

Prerequisites: Target must be running phpMyFamily with vulnerable 'people.php' script · Network access to the target web server

MITRE ATT&CK