CVE-2006-0624

Whomp Real Estate Manager XP 2005 - SQL Injection via Username and Password Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0624. PoCs published by night_warrior771.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in Whomp! Real Estate Manager, allowing an attacker to bypass authentication by injecting malicious SQL queries into the login fields. The provided credentials exploit the vulnerability to achieve an authentication bypass.

Description

SQL injection vulnerability in check.asp in Whomp Real Estate Manager XP 2005 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by night_warrior771 · textwebappsasp

https://www.exploit-db.com/exploits/27169

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in Whomp! Real Estate Manager, allowing an attacker to bypass authentication by injecting malicious SQL queries into the login fields. The provided credentials exploit the vulnerability to achieve an authentication bypass.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Whomp! Real Estate Manager

No auth needed

Prerequisites: Access to the login page of the vulnerable application

MITRE ATT&CK