CVE-2006-5765

article_script <= 1.6.3 - SQL Injection via RSS Category Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5765. PoCs published by Liz0ziM.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Article Script versions 1.* and 1.6.3. The PoC shows how an attacker can extract admin credentials by injecting a UNION-based SQL query into the 'category' parameter of the RSS feed script.

Description

SQL injection vulnerability in rss.php in Article Script 1.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Liz0ziM · textwebappsphp

https://www.exploit-db.com/exploits/2728

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in Article Script versions 1.* and 1.6.3. The PoC shows how an attacker can extract admin credentials by injecting a UNION-based SQL query into the 'category' parameter of the RSS feed script.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Article Script v1.* and v1.6.3

No auth needed

Prerequisites: Target must be running Article Script v1.* or v1.6.3 · RSS feed functionality must be enabled

MITRE ATT&CK