CVE-2006-5889

BrewBlogger 1.3.1 - SQL Injection via printLog.php id Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5889. PoCs published by Craig Heffner.

AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in BrewBlogger 1.3.1 by crafting a malicious URL that extracts user credentials from the database via a UNION-based attack. It targets the 'id' parameter in printLog.php to enumerate usernames and passwords.

Description

SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Craig Heffner · pythonwebappsphp
https://www.exploit-db.com/exploits/2751

This Perl script exploits a SQL injection vulnerability in BrewBlogger 1.3.1 by crafting a malicious URL that extracts user credentials from the database via a UNION-based attack. It targets the 'id' parameter in printLog.php to enumerate usernames and passwords.

Classification
Working Poc 100%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: BrewBlogger 1.3.1
No auth needed
Prerequisites: Target must be running BrewBlogger 1.3.1 · printLog.php must be accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22810
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21026
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2751
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30200
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4467

Scores

EPSS 0.0125
EPSS Percentile 65.4%

Details

Status published
Products (1)
brewblogger/brewblogger 1.3.1
Published Nov 14, 2006
Tracked Since Feb 18, 2026