CVE-2006-4793

TualBLOG 1.0 - SQL Injection via icerikno Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4793. PoCs published by RMx.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in TualBLOG v1.0 via the 'icerikno' parameter in 'icerik.asp'. It extracts admin credentials (email, password, username) from the 'tbl_uye' table by manipulating the SQL query.

Description

Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG 1.0 allow remote attackers to execute arbitrary SQL commands, as demonstrated by the icerikno parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by RMx · textwebappsasp

https://www.exploit-db.com/exploits/2362

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in TualBLOG v1.0 via the 'icerikno' parameter in 'icerik.asp'. It extracts admin credentials (email, password, username) from the 'tbl_uye' table by manipulating the SQL query.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: TualBLOG v1.0

No auth needed

Prerequisites: Access to the vulnerable 'icerik.asp' endpoint

MITRE ATT&CK