CVE-2006-5561

Discuz! GBK 5.0.0 - SQL Injection via cdb_auth Cookie

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5561. PoCs published by rgod.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in Discuz! 5.0.0 GBK to disclose admin credentials. It uses a brute-force approach to extract the admin password hash and username by manipulating the authentication key and injecting malicious SQL queries.

Description

SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows remote attackers to execute arbitrary SQL commands via the cdb_auth cookie.

Exploits (1)

exploitdb WORKING POC VERIFIED
by rgod · phpwebappsphp
https://www.exploit-db.com/exploits/2644

This exploit targets a SQL injection vulnerability in Discuz! 5.0.0 GBK to disclose admin credentials. It uses a brute-force approach to extract the admin password hash and username by manipulating the authentication key and injecting malicious SQL queries.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Complex
Reliability
Reliable
Target: Discuz! 5.0.0 GBK
No auth needed
Prerequisites: Target server running Discuz! 5.0.0 GBK · Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22534
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2644
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4210
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20734

Scores

EPSS 0.0104
EPSS Percentile 59.7%

Details

Status published
Products (1)
discuz/discuz_gbk 5.0.0
Published Oct 27, 2006
Tracked Since Feb 18, 2026