CVE-2006-4444

Cybozu Garoon 2.1.0 - Authenticated SQL Injection via Multiple Parameters


Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4444. PoCs published by Tan Chew Keong.

AI-analyzed exploit summary: This advisory details multiple SQL injection vulnerabilities in Cybozu Garoon 2, allowing authenticated users to extract sensitive data or cause DoS via crafted SQL queries. Examples include UNION-based attacks to retrieve admin password hashes and resource exhaustion via benchmark functions.

Description

Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality; the (2) pid parameter in the (d) workflow/view or (e) workflow/print functionality; the (3) uid parameter in the (f) schedule/user_view, (g) phonemessage/add, (h) phonemessage/history, or (i) schedule/view functionality; the (4) cid parameter in (j) todo/index; the (5) iid parameter in the (k) memo/view or (l) memo/print functionality; or the (6) event parameter in the (m) schedule/view functionality.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Tan Chew Keong · text · webapps · cgi
https://www.exploit-db.com/exploits/2267


Classification: Writeup 100%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Cybozu Garoon 2 Version 2.1.0 for Windows
Auth required
Prerequisites: Authenticated user access · Valid session
devstral-2 · analyzed Feb 16, 2026

References (12)

Core References
Exploit, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21664
Various Sources x_refsource_misc
http://cybozu.co.jp/products/dl/notice_060825/
Various Sources x_refsource_misc
http://vuln.sg/cybozugaroon-en.html
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19731
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/28364
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/28363
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/28365
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3399
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28594
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/28362
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/28361
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/28366

Scores

EPSS 0.0285
EPSS Percentile 84.8%

Details

Status published
Products (1)
cybozu/garoon 2.1.0_for_windows
Published Aug 29, 2006
Tracked Since Feb 18, 2026