CVE-2006-4142
Virtual War <= 1.5.0 R14 - SQL Injection via Online.php n Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-4142. PoCs published by brOmstar.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in VWar <= v1.50 R14 via the 'n' parameter in extra/online.php. The PoC provides a crafted URL to extract user credentials (memberid, name, password) using a UNION-based SQLi attack.
Description
SQL injection vulnerability in extra/online.php in Virtual War (VWar) 1.5.0 R14 and earlier allows remote attackers to execute arbitrary SQL commands via the n parameter.
Exploits (1)
This exploit demonstrates a SQL injection vulnerability in VWar <= v1.50 R14 via the 'n' parameter in extra/online.php. The PoC provides a crafted URL to extract user credentials (memberid, name, password) using a UNION-based SQLi attack.