CVE-2006-1572

Oxygen 1.1.3 - SQL Injection via fid Parameter in newthread Action

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1572. PoCs published by Morocco Security Team.

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in Oxygen versions 1.1.3 and prior, where the 'fid' parameter in the 'newthread' action is not properly sanitized. This allows attackers to manipulate SQL queries, potentially compromising the application or underlying database.

Description

SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a newthread action.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Morocco Security Team · textwebappsphp

https://www.exploit-db.com/exploits/27535

View Code ZIP pw:eip

The provided text describes an SQL injection vulnerability in Oxygen versions 1.1.3 and prior, where the 'fid' parameter in the 'newthread' action is not properly sanitized. This allows attackers to manipulate SQL queries, potentially compromising the application or underlying database.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: Oxygen 1.1.3 and prior

No auth needed

Prerequisites: Access to the vulnerable endpoint · Ability to craft malicious SQL queries

MITRE ATT&CK