CVE-2005-4140

Website Baker 2.6.0 - SQL Injection via Username Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4140. PoCs published by rgod.

AI-analyzed exploit summary This exploit bypasses authentication in Website Baker 2.6.0 by leveraging SQL injection when magic_quotes_gpc is off, allowing remote command execution. The script provides a web interface to input target details and execute arbitrary commands.

Description

SQL injection vulnerability in admin/login/index.php in Website Baker 2.6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter, as used by the user field.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1363

View Code ZIP pw:eip

This exploit bypasses authentication in Website Baker 2.6.0 by leveraging SQL injection when magic_quotes_gpc is off, allowing remote command execution. The script provides a web interface to input target details and execute arbitrary commands.

Classification

Working Poc 95%

Attack Type

Auth Bypass | Sqli | Rce

Complexity

Trivial

Reliability

Reliable

Target: Website Baker <= 2.6.0

No auth needed

Prerequisites: magic_quotes_gpc must be disabled on the target server

MITRE ATT&CK