CVE-2006-2725

Eggblog < 3.0.6 - SQL Injection via RSS Posts ID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2725. PoCs published by nukedx.

AI-analyzed exploit summary This exploit demonstrates a privilege escalation vulnerability in Eggblog 2.x by leveraging a registration form to create an admin account. It also includes an SQL injection example for Eggblog <= 3.0.6 to dump user credentials.

Description

SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by nukedx · htmlwebappsphp

https://www.exploit-db.com/exploits/1842

View Code ZIP pw:eip

This exploit demonstrates a privilege escalation vulnerability in Eggblog 2.x by leveraging a registration form to create an admin account. It also includes an SQL injection example for Eggblog <= 3.0.6 to dump user credentials.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Eggblog <= 3.0.6

No auth needed

Prerequisites: Target must have Eggblog installed with vulnerable version · Registration must be enabled

MITRE ATT&CK