CVE-2006-1153

d2-shoutbox 4.2 - SQL Injection via Load Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1153. PoCs published by SkOd.

AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in D2-Shoutbox 4.2 (IPB Mod) to extract user credentials (password or login key) from the database. It requires authentication via cookies and constructs a malicious SQL query via URL manipulation.

Description

SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers to execute arbitrary SQL commands via the load parameter, when performing a Shoutbox action through Invision Power Board (IPB).

Exploits (1)

exploitdb WORKING POC VERIFIED

by SkOd · perlwebappsphp

https://www.exploit-db.com/exploits/1556

View Code ZIP pw:eip

This Perl script exploits a SQL injection vulnerability in D2-Shoutbox 4.2 (IPB Mod) to extract user credentials (password or login key) from the database. It requires authentication via cookies and constructs a malicious SQL query via URL manipulation.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: D2-Shoutbox 4.2 (IPB Mod)

Auth required

Prerequisites: Valid member_id and pass_hash cookies · Target URL with vulnerable D2-Shoutbox installation

MITRE ATT&CK