Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-1140. PoCs published by x128.
AI-analyzed exploit summary: This exploit targets a SQL injection vulnerability in RedBlog 0.5's RSS module to extract the administrator's password hash. It uses cURL to send crafted requests and regex to parse the response.
Description
SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by x128 · php · webapps · php
https://www.exploit-db.com/exploits/1567
Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: RedBlog 0.5
No auth needed
Prerequisites: PHP with cURL extension · Network access to target
devstral-2 · analyzed Feb 16, 2026
References (5)
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19181
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25122
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/17041
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0894
Exploit x_refsource_misc
http://www.x128.net/redblog-05-remote-sql-injection.txt
Scores
EPSS: 0.0114
EPSS Percentile: 62.3%
Details
Status: published
Products (1): redblog/redblog 0.5
Published: Mar 10, 2006
Tracked Since: Feb 18, 2026