CVE-2006-0320

bit_5_blog < 8.01 - SQL Injection via Username or Password Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0320. PoCs published by Aliaksandr Hartsuyeu.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in Bit 5 Blog by bypassing authentication via crafted input in the login form. The PoC uses a simple SQLi payload to authenticate without valid credentials.

Description

SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Aliaksandr Hartsuyeu · textwebappsphp

https://www.exploit-db.com/exploits/27084

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in Bit 5 Blog by bypassing authentication via crafted input in the login form. The PoC uses a simple SQLi payload to authenticate without valid credentials.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Bit 5 Blog

No auth needed

Prerequisites: Access to the login page of Bit 5 Blog

MITRE ATT&CK