CVE-2006-6083

CreaScripts Creadirectory - SQL Injection via search.asp Category Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6083. PoCs published by laurent gaffie.

AI-analyzed exploit summary The provided text describes a vulnerability in Creascripts creadirectory version 1.2, highlighting SQL injection and XSS issues due to insufficient input sanitization. It includes a basic example URL for SQL injection but lacks executable exploit code.

Description

SQL injection vulnerability in search.asp in CreaScripts Creadirectory allows remote attackers to execute arbitrary SQL commands via the category parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by laurent gaffie · textwebappsasp

https://www.exploit-db.com/exploits/29154

View Code ZIP pw:eip

The provided text describes a vulnerability in Creascripts creadirectory version 1.2, highlighting SQL injection and XSS issues due to insufficient input sanitization. It includes a basic example URL for SQL injection but lacks executable exploit code.

Classification

Writeup 80%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: Creascripts creadirectory 1.2

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK