CVE-2006-6157

ContentNow < 1.39 - SQL Injection via PageID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6157. PoCs published by Revenge.

AI-analyzed exploit summary This exploit demonstrates a blind SQL injection vulnerability in ContentNow CMS 1.39 via the 'pageid' parameter. It uses time-based techniques to extract admin credentials by brute-forcing character by character.

Description

SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Revenge · perlwebappsphp

https://www.exploit-db.com/exploits/2822

View Code ZIP pw:eip

This exploit demonstrates a blind SQL injection vulnerability in ContentNow CMS 1.39 via the 'pageid' parameter. It uses time-based techniques to extract admin credentials by brute-forcing character by character.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: ContentNow CMS 1.39

No auth needed

Prerequisites: Target must be running ContentNow CMS 1.39 · Target must be accessible via HTTP

MITRE ATT&CK