CVE-2006-5879

ASPPortal < 4.0.0_beta - SQL Injection via Poll_ID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5879. PoCs published by ajann.

AI-analyzed exploit summary This ASP script exploits a SQL injection vulnerability in ASPPortal <= 4.0.0 by injecting a UNION-based query to extract usernames and passwords from the 'users' table. It uses Microsoft.XMLHTTP to send malicious POST requests to the target's default1.asp page.

Description

SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · webappsasp

https://www.exploit-db.com/exploits/2762

View Code ZIP pw:eip

This ASP script exploits a SQL injection vulnerability in ASPPortal <= 4.0.0 by injecting a UNION-based query to extract usernames and passwords from the 'users' table. It uses Microsoft.XMLHTTP to send malicious POST requests to the target's default1.asp page.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: ASPPortal <= 4.0.0

No auth needed

Prerequisites: Target URL with vulnerable ASPPortal installation · User ID to extract credentials for

MITRE ATT&CK