CVE-2006-0088

inTouch 0.5.1 Alpha - SQL Injection via User Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0088. PoCs published by Aliaksandr Hartsuyeu.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in inTouch by providing a malicious username input that bypasses authentication. The payload manipulates the SQL query to return true, allowing login with any password.

Description

SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha allows remote attackers to execute arbitrary SQL commands via the user parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Aliaksandr Hartsuyeu · textwebappsphp

https://www.exploit-db.com/exploits/27003

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in inTouch by providing a malicious username input that bypasses authentication. The payload manipulates the SQL query to return true, allowing login with any password.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: inTouch (version unspecified)

No auth needed

Prerequisites: Access to the login page of the vulnerable application

MITRE ATT&CK