CVE-2006-1123

d2kblog 1.0.3 - SQL Injection via memName Cookie Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1123. PoCs published by DevilBox.

AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in D2KBLOG to extract administrator credentials by injecting a malicious SQL query via a cookie header. It uses LWP::UserAgent to send the request and parses the response to extract the username and password.

Description

SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the memName parameter in a cookie.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DevilBox · perlwebappsasp

https://www.exploit-db.com/exploits/1569

View Code ZIP pw:eip

This Perl script exploits a SQL injection vulnerability in D2KBLOG to extract administrator credentials by injecting a malicious SQL query via a cookie header. It uses LWP::UserAgent to send the request and parses the response to extract the username and password.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: D2KBLOG (version not specified)

No auth needed

Prerequisites: Target domain and vulnerable page path

MITRE ATT&CK