CVE-2006-5802

The Web Drivers Simple Forum - SQL Injection via message_details.php id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5802. PoCs published by Bl0od3r.

AI-analyzed exploit summary This exploit is a Perl script that performs an SQL injection attack against a vulnerable web application to extract user credentials. It targets the 'message_details.php' script with a UNION-based SQLi to dump usernames and passwords from the 'tbl_register' table.

Description

SQL injection vulnerability in message_details.php in The Web Drivers Simple Forum, dated 20060318, allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Bl0od3r · perlwebappsphp

https://www.exploit-db.com/exploits/2722

View Code ZIP pw:eip

This exploit is a Perl script that performs an SQL injection attack against a vulnerable web application to extract user credentials. It targets the 'message_details.php' script with a UNION-based SQLi to dump usernames and passwords from the 'tbl_register' table.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Unknown web application (likely a forum or similar software from 2006)

No auth needed

Prerequisites: Target host running vulnerable web application · Network access to the target · Knowledge of the table structure (or ability to guess)

MITRE ATT&CK