CVE-2005-3369

Woltlab Burning Board <2.7 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3369. PoCs published by [email protected].

AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in Woltlab Burning Board <= 2.3.3 via the info_db.php file. It retrieves the MD5 hash of a specified user by injecting a UNION-based SQL query.

Description

Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by [email protected] · perlwebappsphp

https://www.exploit-db.com/exploits/26425

View Code ZIP pw:eip

This Perl script exploits a SQL injection vulnerability in Woltlab Burning Board <= 2.3.3 via the info_db.php file. It retrieves the MD5 hash of a specified user by injecting a UNION-based SQL query.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Woltlab Burning Board <= 2.3.3

No auth needed

Prerequisites: Target URL · User ID

MITRE ATT&CK