CVE-2006-0345

SaralBlog 1.0 - SQL Injection via Search Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0345. PoCs published by Aliaksandr Hartsuyeu.

AI-analyzed exploit summary The provided text describes SQL injection vulnerabilities in saralblog due to improper input sanitization. It includes proof-of-concept URI examples demonstrating SQLi via the 'id' and 'search' parameters.

Description

Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote attackers to execute arbitrary SQL commands via the search parameter to search.php. NOTE: the id/viewprofile.php issue is already covered by CVE-2005-4058.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Aliaksandr Hartsuyeu · textwebappsphp

https://www.exploit-db.com/exploits/27112

View Code ZIP pw:eip

The provided text describes SQL injection vulnerabilities in saralblog due to improper input sanitization. It includes proof-of-concept URI examples demonstrating SQLi via the 'id' and 'search' parameters.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: saralblog (version not specified)

No auth needed

Prerequisites: Access to the vulnerable application

MITRE ATT&CK