CVE-2006-6066

Dragon Calendar / Events Listing 2.x - SQL Injection via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2006-6066. PoCs published by Benjamin Moss.

AI-analyzed exploit summary: The provided text describes a SQL injection vulnerability in Dragon Event Listing, where the 'VenueID' parameter in 'venue_detail.asp' is not properly sanitized. It includes a basic example URL for exploitation but lacks actual exploit code.

Description

Multiple SQL injection vulnerabilities in Dragon Calendar / Events Listing 2.x allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) admin_login.asp, the (3) ID parameter to (b) event_searchdetail.asp, or the (4) VenueID parameter to (c) venue_detail.asp.

Exploits (3)

exploitdb WRITEUP VERIFIED
by Benjamin Moss · text · webapps · asp
https://www.exploit-db.com/exploits/29042

The provided text describes a SQL injection vulnerability in Dragon Event Listing, where the 'VenueID' parameter in 'venue_detail.asp' is not properly sanitized. It includes a basic example URL for exploitation but lacks actual exploit code.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: Dragon Event Listing
No auth needed
Prerequisites: Access to the vulnerable application URL
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Benjamin Moss · text · webapps · asp
https://www.exploit-db.com/exploits/29043

The provided text describes a SQL injection vulnerability in Dragon Event Listing, where the 'ID' parameter in 'event_searchdetail.asp' is not properly sanitized. It includes a basic example URL for exploitation but lacks actual exploit code.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: Dragon Event Listing
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Benjamin Moss · text · webapps · asp
https://www.exploit-db.com/exploits/29044

The provided text describes SQL injection vulnerabilities in Dragon Event Listing due to improper input sanitization. It includes example payloads for username and password fields but lacks executable exploit code.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: Dragon Event Listing
No auth needed
Prerequisites: Access to the login page of Dragon Event Listing
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/30444
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4533
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/451632/100/100/threaded
Exploit, Vendor Advisory, URL Repurposed x_refsource_misc
http://s-a-p.ca/index.php?page=OurAdvisories&id=32
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/30443
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22930
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/30445
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21098
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30296

Scores

EPSS 0.0202
EPSS Percentile 78.4%

Details

Status published
Products (1)
dragon_internet/events_listing 2.0.01
Published Nov 22, 2006
Tracked Since Feb 18, 2026