CVE-2006-0759

HiveMail <= 1.3 - SQL Injection via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0759. PoCs published by [Oo].

AI-analyzed exploit summary This Perl script exploits a command injection vulnerability in HiveMail <= 1.3 by injecting arbitrary commands via the 'com' parameter in the addressbook.add.php endpoint. It requires a valid session ID and allows interactive command execution.

Description

Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts; and allow remote authenticated users to execute arbitrary SQL commands via (11) the folderid parameter in index.php and (12) possibly other parameters in certain other scripts, because $_SERVER['PHP_SELF'] is improperly handled.

Exploits (1)

exploitdb WORKING POC VERIFIED

by [Oo] · perlwebappsphp

https://www.exploit-db.com/exploits/1756

View Code ZIP pw:eip

This Perl script exploits a command injection vulnerability in HiveMail <= 1.3 by injecting arbitrary commands via the 'com' parameter in the addressbook.add.php endpoint. It requires a valid session ID and allows interactive command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: HiveMail <= 1.3

Auth required

Prerequisites: Valid HiveMail session ID · Network access to the target

MITRE ATT&CK