CVE-2006-3394
BXCP 0.3.0.4 - SQL Injection via 'where' Parameter in view Action
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-3394. PoCs published by x23.
AI-analyzed exploit summary: This exploit targets a SQL injection vulnerability in BXCP (CVE-2006-3394) to dump user credentials (nickname and password hash) from the database. It constructs a malicious HTTP request with a UNION-based SQLi payload to extract data from the `{pre}_users` table.
Description
SQL injection vulnerability in the files mod in index.php in BXCP 0.3.0.4 allows remote attackers to execute arbitrary SQL commands via the where parameter in a view action.