CVE-2006-3309

Scout Portal Toolkit <1.4.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3309. PoCs published by simo64.

AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in Scout Portal Toolkit 1.4.0 via the 'forumid' parameter in SPT--ForumTopics.php. It extracts admin credentials (username, password, and email) by injecting a UNION-based SQL query.

Description

SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal Toolkit (SPT) 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by simo64 · perlwebappsphp

https://www.exploit-db.com/exploits/1957

View Code ZIP pw:eip

This Perl script exploits a SQL injection vulnerability in Scout Portal Toolkit 1.4.0 via the 'forumid' parameter in SPT--ForumTopics.php. It extracts admin credentials (username, password, and email) by injecting a UNION-based SQL query.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Scout Portal Toolkit <= 1.4.0

No auth needed

Prerequisites: Target URL with vulnerable SPT installation · Network access to the target

MITRE ATT&CK