CVE-2006-4857

ClickTech ClickBlog 2.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4857. PoCs published by ajann.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in ClickBlog! 2.0 and earlier versions. The provided credentials bypass authentication by injecting SQL conditions into the login fields.

Description

SQL injection vulnerability in default.asp (aka the login page) in ClickTech ClickBlog 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) form_codeword (aka the Password field) parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · textwebappsasp

https://www.exploit-db.com/exploits/28577

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in ClickBlog! 2.0 and earlier versions. The provided credentials bypass authentication by injecting SQL conditions into the login fields.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: ClickBlog! 2.0 and earlier

No auth needed

Prerequisites: Access to the login page of a vulnerable ClickBlog! instance

MITRE ATT&CK