CVE-2006-4122

Simple one-file guestbook <1.0 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4122. PoCs published by omnipresent.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in Simple One-File Guestbook version 1.0. By accessing a specific URL with an 'id' parameter, an attacker can delete all guestbook entries without proper authentication.

Description

Simple one-file guestbook 1.0 and earlier allows remote attackers to bypass authentication and delete guestbook entries via a modified id parameter to guestbook.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by omnipresent · textwebappsphp

https://www.exploit-db.com/exploits/28362

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass vulnerability in Simple One-File Guestbook version 1.0. By accessing a specific URL with an 'id' parameter, an attacker can delete all guestbook entries without proper authentication.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Simple One-File Guestbook 1.0

No auth needed

Prerequisites: Access to the target guestbook.php file

MITRE ATT&CK