CVE-2006-4025

XennoBB < 2.1.0 - Authenticated SQL Injection via Profile Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4025. PoCs published by Chris Boulton.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in XennoBB 2.1.0 by manipulating the POST request to profile.php to gain administrative privileges. The payload injects SQL code into the birthday fields to alter the user's group_id.

Description

SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Chris Boulton · textwebappsphp

https://www.exploit-db.com/exploits/28347

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in XennoBB 2.1.0 by manipulating the POST request to profile.php to gain administrative privileges. The payload injects SQL code into the birthday fields to alter the user's group_id.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: XennoBB 2.1.0

Auth required

Prerequisites: Access to a valid user account · Ability to send crafted POST requests to profile.php

MITRE ATT&CK