CVE-2006-3823
GeodesicSolutions GeoAuctions Premier and GeoClassifieds Basic 2.0.3 - SQL Injection via Index.php b Parameter
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2006-3823. PoCs published by LBDT, Esac.
AI-analyzed exploit summary: The provided text describes SQL injection vulnerabilities in GeodesicSolutions products when the 'accumulative feedback' feature is enabled. It includes a sample URL demonstrating the vulnerability but lacks executable exploit code.
Description
SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter.
Exploits (2)
The provided text describes SQL injection vulnerabilities in GeodesicSolutions products when the 'accumulative feedback' feature is enabled. It includes a sample URL demonstrating the vulnerability but lacks executable exploit code.
This exploit demonstrates a time-based blind SQL injection vulnerability in GeoCore MAX DB Ver. 7.3.3. It provides examples of injecting sleep commands into GET and POST parameters to confirm the vulnerability.