CVE-2006-0750

supersmashbrothers Army System 2.1.0 - SQL Injection via userstat Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0750. PoCs published by fRoGGz.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in Invision Power Board Army System Mod 2.1. It crafts a malicious SQL query via the 'userstat' parameter to extract user information, specifically the MD5 hash of a user's password.

Description

SQL injection vulnerability in army.php in supersmashbrothers (SSB) Army System 2.1.0 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the userstat parameter in an army action to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by fRoGGz · phpwebappsphp

https://www.exploit-db.com/exploits/1492

View Code ZIP pw:eip

This exploit targets a SQL injection vulnerability in Invision Power Board Army System Mod 2.1. It crafts a malicious SQL query via the 'userstat' parameter to extract user information, specifically the MD5 hash of a user's password.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Invision Power Board Army System Mod 2.1

No auth needed

Prerequisites: Target URL with vulnerable Invision Power Board installation · Knowledge of SQL table prefix

MITRE ATT&CK