CVE-2006-0311

aoblogger 2.3 - SQL Injection via Username Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0311. PoCs published by Aliaksandr Hartsuyeu.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in AOblogger 2.3, where improper input sanitization allows attackers to bypass authentication via crafted input in the login form. The example demonstrates a basic SQLi payload to compromise the application.

Description

SQL injection vulnerability in login.php in aoblogger 2.3 allows remote attackers to execute arbitrary SQL commands via the username parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Aliaksandr Hartsuyeu · textwebappsphp

https://www.exploit-db.com/exploits/27105

View Code ZIP pw:eip

The provided text describes a SQL injection vulnerability in AOblogger 2.3, where improper input sanitization allows attackers to bypass authentication via crafted input in the login form. The example demonstrates a basic SQLi payload to compromise the application.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: AOblogger 2.3

No auth needed

Prerequisites: Access to the login page of AOblogger

MITRE ATT&CK