CVE-2006-3184

ASP Stats Generator <2.1.2 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3184. PoCs published by Hamid Ebadi.

AI-analyzed exploit summary The exploit demonstrates SQL injection and ASP code injection vulnerabilities in ASP Stats Generator. It includes functional payloads for both SQLi (via union-based injection) and arbitrary file upload (via unsanitized input in settings_skin.asp).

Description

Direct static code injection vulnerability in ASP Stats Generator before 2.1.2 allows remote authenticated attackers to execute arbitrary ASP code via the strAsgSknPageBgColour parameter to settings_skin.asp, which is stored in inc_skin_file.asp.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Hamid Ebadi · textwebappsasp

https://www.exploit-db.com/exploits/1931

View Code ZIP pw:eip

The exploit demonstrates SQL injection and ASP code injection vulnerabilities in ASP Stats Generator. It includes functional payloads for both SQLi (via union-based injection) and arbitrary file upload (via unsanitized input in settings_skin.asp).

Classification

Working Poc 95%

Attack Type

Sqli | Rce

Complexity

Trivial

Reliability

Reliable

Target: ASP Stats Generator 2.1.1 and below

No auth needed

Prerequisites: Access to the vulnerable ASP Stats Generator web interface

MITRE ATT&CK