CVE-2006-6177

Neocrome Seditio < 1.10 - Authenticated SQL Injection via Double-Encoded ID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6177. PoCs published by nukedx.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Seditio <= 1.10 via the 'avatarselect' feature. The attacker can manipulate the 'id' parameter to execute arbitrary SQL queries, such as changing a user's password.

Description

SQL injection vulnerability in system/core/users/users.profile.inc.php in Neocrome Seditio 1.10 and earlier allows remote authenticated users to execute arbitrary SQL commands via a double-url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by an encoded NULL and ' (apostrophe) (%2500%2527).

Exploits (1)

exploitdb WORKING POC VERIFIED

by nukedx · textwebappsphp

https://www.exploit-db.com/exploits/2820

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in Seditio <= 1.10 via the 'avatarselect' feature. The attacker can manipulate the 'id' parameter to execute arbitrary SQL queries, such as changing a user's password.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Seditio <= 1.10

Auth required

Prerequisites: Valid user session in Seditio · Access to the 'avatarselect' feature

MITRE ATT&CK