CVE-2006-3727

Eskolar CMS 0.9.0.0 - SQL Injection via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3727. PoCs published by Jacek Wlodarczyk.

AI-analyzed exploit summary This Perl script exploits a blind SQL injection vulnerability in Eskolar CMS 0.9.0.0 to extract admin credentials. It bypasses authentication by injecting crafted SQL queries into the 'doc_id' parameter.

Description

Multiple SQL injection vulnerabilities in Eskolar CMS 0.9.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) gr_1_id, (2) gr_2_id, (3) gr_3_id, and (4) doc_id parameters in (a) index.php; the (5) uid and (6) pwd parameters in (b) php/esa.php; and possibly other vectors related to files in php/lib/ including (c) del.php, (d) download_backup.php, (e) navig.php, (f) restore.php, (g) set_12.php, (h) set_14.php, and (i) upd_doc.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jacek Wlodarczyk · perlwebappsphp

https://www.exploit-db.com/exploits/2032

View Code ZIP pw:eip

This Perl script exploits a blind SQL injection vulnerability in Eskolar CMS 0.9.0.0 to extract admin credentials. It bypasses authentication by injecting crafted SQL queries into the 'doc_id' parameter.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Eskolar CMS 0.9.0.0

No auth needed

Prerequisites: Target must be running Eskolar CMS 0.9.0.0 · Network access to the target

MITRE ATT&CK