CVE-2006-1000

Pentacle In-Out Board <= 3.0 - SQL Injection via newsid or password Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1000. PoCs published by nukedx.

AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in Pentacle In-Out Board <= 6.03 via the 'newsdetailsview.asp' page. It extracts admin credentials by manipulating the 'newsid' parameter with a UNION-based SQL injection.

Description

Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp.

Exploits (1)

exploitdb WORKING POC VERIFIED

by nukedx · perlwebappsasp

https://www.exploit-db.com/exploits/1528

View Code ZIP pw:eip

This Perl script exploits a SQL injection vulnerability in Pentacle In-Out Board <= 6.03 via the 'newsdetailsview.asp' page. It extracts admin credentials by manipulating the 'newsid' parameter with a UNION-based SQL injection.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Pentacle In-Out Board <= 6.03

No auth needed

Prerequisites: Target must be running Pentacle In-Out Board <= 6.03 · Target must have the vulnerable 'newsdetailsview.asp' page accessible

MITRE ATT&CK