Exploitation Summary
EIP tracks 1 public exploit for CVE-2005-3963. PoCs published by Siegfried.
AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in DotClear by injecting a UNION-based query to extract user data and write it to a file. The payload leverages improper input sanitization to execute arbitrary SQL commands.
Description
SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dc_xd parameter in a cookie.
Exploits (1)
This exploit demonstrates an SQL injection vulnerability in DotClear by injecting a UNION-based query to extract user data and write it to a file. The payload leverages improper input sanitization to execute arbitrary SQL commands.