CVE-2006-2858

LocazoList Classifieds 1.05e - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2858. PoCs published by ajann.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in LocazoList Classifieds by injecting a UNION-based query to extract sensitive data (email and password) from the database. The attack leverages unsanitized input in the 'msgid' parameter.

Description

SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds 1.05e allows remote attackers to execute arbitrary SQL commands via the msgid parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · textwebappsasp

https://www.exploit-db.com/exploits/27960

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in LocazoList Classifieds by injecting a UNION-based query to extract sensitive data (email and password) from the database. The attack leverages unsanitized input in the 'msgid' parameter.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: LocazoList Classifieds

No auth needed

Prerequisites: Target application must be running LocazoList Classifieds with vulnerable 'viewmsg.asp' endpoint

MITRE ATT&CK