CVE-2006-1481
php_ticket 0.71 - Authenticated SQL Injection via search.php frm_search_in Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-1481. PoCs published by undefined1_.
AI-analyzed exploit summary: This exploit targets a SQL injection vulnerability in PHP Ticket <= 0.71, allowing an attacker to dump user credentials from the database. It uses a UNION-based SQLi to extract usernames and passwords hashed with MySQL's PASSWORD() function.
Description
SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frm_search_in parameter.
Exploits (1)