CVE-2006-4592
8pixel.net Simple Blog <= 2.3 - SQL Injection via id Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-4592. PoCs published by Vipsta/MurderSkillz.
AI-analyzed exploit summary: This exploit demonstrates a remote SQL injection vulnerability in SimpleBlog 2.3 by bypassing the vendor's input filtering. The attack leverages the '>' symbol, which was not removed by the vendor, to perform a UNION-based SQL injection and extract user credentials from the database.
Description
Incomplete blacklist vulnerability in default.asp in 8pixel.net Simple Blog 2.3 and earlier allows remote attackers to conduct SQL injection attacks via ">" characters in the id parameter, which are not filtered by the protection mechanism.