Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-3296. PoCs published by simo64.
AI-analyzed exploit summary The provided text describes SQL injection and XSS vulnerabilities in OpenGuestbook due to improper input sanitization. It includes a sample URL demonstrating SQL injection but lacks executable exploit code.
Description
SQL injection vulnerability in view.php in Open Guestbook 0.5 allows remote attackers to execute arbitrary SQL commands via the offset parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by simo64 · textwebappsphp
https://www.exploit-db.com/exploits/28112
The provided text describes SQL injection and XSS vulnerabilities in OpenGuestbook due to improper input sanitization. It includes a sample URL demonstrating SQL injection but lacks executable exploit code.
Classification
Writeup 80%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target:
OpenGuestbook (version not specified)
No auth needed
Prerequisites:
Access to the vulnerable OpenGuestbook instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27400
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2545
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20796
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/18666
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1166
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/438381/100/0/threaded
Scores
EPSS
0.0123
EPSS Percentile
64.9%
Details
Status
published
Products (1)
george_currums/open_guestbook
0.5
Published
Jun 29, 2006
Tracked Since
Feb 18, 2026