CVE-2006-0209

TankLogger 2.4 - SQL Injection via livestock_id or tank_id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0209. PoCs published by Aliaksandr Hartsuyeu.

AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in TankLogger by injecting a UNION-based payload into the 'livestock_id' parameter. This allows an attacker to extract data from the database by manipulating the SQL query.

Description

SQL injection vulnerability in general_functions.php in TankLogger 2.4 allows remote attackers to execute arbitrary SQL commands via the (1) livestock_id parameter to showInfo.php and (2) tank_id parameter, possibly to livestock.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Aliaksandr Hartsuyeu · textwebappsphp

https://www.exploit-db.com/exploits/27075

View Code ZIP pw:eip

The exploit demonstrates a SQL injection vulnerability in TankLogger by injecting a UNION-based payload into the 'livestock_id' parameter. This allows an attacker to extract data from the database by manipulating the SQL query.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: TankLogger

No auth needed

Prerequisites: Access to the vulnerable endpoint · Basic knowledge of SQL injection techniques

MITRE ATT&CK