CVE-2006-2552

Jemscripts DownloadControl 1.0 - Information Disclosure via Invalid dcid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2552. PoCs published by Luny.

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in DownloadControl 1.0, where unsanitized input in the 'dcid' parameter can be exploited. The example URL demonstrates a basic SQLi attempt but lacks executable exploit code.

Description

Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensitive information via an invalid dcid parameter to dc.php, which leaks the pathname in an error message. NOTE: this was originally claimed to be SQL injection, but it is probably resultant from another issue in functions.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luny · textwebappsphp

https://www.exploit-db.com/exploits/27899

View Code ZIP pw:eip

The provided text describes an SQL injection vulnerability in DownloadControl 1.0, where unsanitized input in the 'dcid' parameter can be exploited. The example URL demonstrates a basic SQLi attempt but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: DownloadControl 1.0

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK