CVE-2006-1001

LanSuite LanParty Intranet System 2.0.6 and 2.1.0 beta - SQL Injection via Board Module fid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1001. PoCs published by x128.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in LanSuite 2.10, allowing an attacker to extract user passwords by manipulating the 'fid' parameter in a crafted HTTP request. The script uses cURL to perform the injection and retrieve the password from the database.

Description

SQL injection vulnerability in the board module in LanSuite LanParty Intranet System 2.0.6 and 2.1.0 beta allows remote attackers to execute arbitrary SQL commands via the fid parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by x128 · phpwebappsphp

https://www.exploit-db.com/exploits/1526

View Code ZIP pw:eip

This exploit targets a SQL injection vulnerability in LanSuite 2.10, allowing an attacker to extract user passwords by manipulating the 'fid' parameter in a crafted HTTP request. The script uses cURL to perform the injection and retrieve the password from the database.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: LanSuite 2.10

No auth needed

Prerequisites: Target URL · User ID · Optional proxy settings

MITRE ATT&CK