CVE-2006-5892

ASPired2Poll < 1.0 - SQL Injection via MoreInfo.asp id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5892. PoCs published by ajann.

AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in AspPired2 Poll <= 1.0 via the 'MoreInfo.asp' page to extract admin credentials. It performs a UNION-based SQL injection to retrieve the username and password from the 'user' table.

Description

SQL injection vulnerability in MoreInfo.asp in The Net Guys ASPired2Poll 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · perlwebappsasp

https://www.exploit-db.com/exploits/2746

View Code ZIP pw:eip

This Perl script exploits a SQL injection vulnerability in AspPired2 Poll <= 1.0 via the 'MoreInfo.asp' page to extract admin credentials. It performs a UNION-based SQL injection to retrieve the username and password from the 'user' table.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: AspPired2 Poll <= 1.0

No auth needed

Prerequisites: Target server running AspPired2 Poll <= 1.0 · Network access to the target server

MITRE ATT&CK