Exploitation Summary
EIP tracks 5 public exploits for CVE-2006-3271. PoCs published by 41.w4r10r, EllipSiS Security.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in SoftBizScripts Dating Script via the 'browse' parameter in search_results.php. The PoC shows how to extract database version information using a UNION-based SQLi attack.
Description
Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php.
Exploits (5)
This exploit demonstrates a SQL injection vulnerability in SoftBizScripts Dating Script via the 'browse' parameter in search_results.php. The PoC shows how to extract database version information using a UNION-based SQLi attack.
The provided text describes a SQL injection vulnerability in Softbiz Dating Script, where the 'cid' parameter in 'products.php' is not properly sanitized. It lacks actual exploit code, serving only as a vulnerability description.
The provided text describes a SQL injection vulnerability in Softbiz Dating Script, where the 'id' parameter in 'news_desc.php' is not properly sanitized. It includes a basic example URL for exploitation but lacks actual exploit code.
The provided text describes a SQL injection vulnerability in Softbiz Dating Script, where the 'cid' parameter in the URL is not properly sanitized. This allows attackers to inject malicious SQL queries, potentially compromising the application or underlying database.
The provided text describes a SQL injection vulnerability in Softbiz Dating Script, where the 'browse' parameter in 'featured_photos.php' is not properly sanitized. It includes a basic example URL for exploitation but lacks actual exploit code.