CVE-2006-3065

blur6ex 0.3.462 - SQL Injection via ID Parameter in Blog Shard

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3065. PoCs published by rgod.

AI-analyzed exploit summary This exploit demonstrates a blind SQL injection vulnerability in blur6ex <= 0.3.462 by leveraging time-based delays via MySQL's benchmark() function to extract admin credentials. It uses a cookie-based injection to bypass authentication and retrieve the username and password from the database.

Description

SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.462 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a proc_reply action in the blog shard. NOTE: This is a similar vulnerability to CVE-2006-1763, but the affected code and versions are different.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1904

View Code ZIP pw:eip

This exploit demonstrates a blind SQL injection vulnerability in blur6ex <= 0.3.462 by leveraging time-based delays via MySQL's benchmark() function to extract admin credentials. It uses a cookie-based injection to bypass authentication and retrieve the username and password from the database.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: blur6ex <= 0.3.462

No auth needed

Prerequisites: Target must be running blur6ex <= 0.3.462 · MySQL database backend · Network access to the target

MITRE ATT&CK