CVE-2006-2065

PHPSurveyor <= 0.995 - SQL Injection via surveyid Cookie


Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2065. PoCs published by rgod.

AI-analyzed exploit summary: This exploit targets PHPSurveyor <= 0.995 by injecting malicious PHP code into log files via HTTP headers and then triggering its execution through a SQL injection in the 'surveyid' parameter. It bypasses magic_quotes_gpc and attempts multiple log file paths for inclusion.

Description

SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.

Exploits (1)

exploitdb WORKING POC VERIFIED
by rgod · php · webapps · php
https://www.exploit-db.com/exploits/1701

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: PHPSurveyor <= 0.995
No auth needed
Prerequisites: At least one row in the 'surveys' table · Write access to log files · PHP environment with accessible logs
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17633
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/431508/100/0/threaded
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19761
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015970
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25970
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/24787
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1451

Scores

EPSS 0.0171
EPSS Percentile 74.3%

Details

Status published
Products (9)
phpsurveyor/phpsurveyor 0.96_beta
phpsurveyor/phpsurveyor 0.97_beta
phpsurveyor/phpsurveyor 0.98_beta
phpsurveyor/phpsurveyor 0.98_stable
phpsurveyor/phpsurveyor 0.99
phpsurveyor/phpsurveyor 0.991
phpsurveyor/phpsurveyor 0.992
phpsurveyor/phpsurveyor 0.993
phpsurveyor/phpsurveyor 0.995
Published Apr 27, 2006
Tracked Since Feb 18, 2026