CVE-2006-1828

php121_instant_messenger < 1.4 - SQL Injection and Remote Code Execution via sess_username Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1828. PoCs published by rgod.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in PHP121 Instant Messenger <= 1.4, allowing remote command execution by poisoning session cookies and including malicious code in log files. It works when magic_quotes_gpc is disabled.

Description

SQL injection vulnerability in php121language.php in PHP121 1.4 allows remote attackers to execute arbitrary SQL commands and execute arbitrary code via the sess_username variable, as set by the php121un HTTP COOKIE parameter, which is used in multiple files including php121login.php. NOTE: the code execution occurs because the SQL query results are used in an include statement.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1666

View Code ZIP pw:eip

This exploit targets a SQL injection vulnerability in PHP121 Instant Messenger <= 1.4, allowing remote command execution by poisoning session cookies and including malicious code in log files. It works when magic_quotes_gpc is disabled.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: PHP121 Instant Messenger <= 1.4

No auth needed

Prerequisites: magic_quotes_gpc = Off · MySQL >=4.1.1 · Write access to log files

MITRE ATT&CK