CVE-2006-6208

Enthrallweb eClassifieds - SQL Injection via AD_ID, cat_id, sub_id, ad_id, cid, or sid Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2006-6208. PoCs published by laurent gaffie.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in eClassifieds, where the 'sid' parameter in 'dirSub.asp' is not properly sanitized. It lacks actual exploit code but references a known CVE and vulnerability details.

Description

Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds allow remote attackers to execute arbitrary SQL commands via the (1) AD_ID, (2) cat_id, (3) sub_id, and (4) ad_id parameters to (a) ad.asp, the (5) cid parameter to (b) dircat.asp, and the (6) sid parameter to (c) dirSub.asp.

Exploits (3)

exploitdb WRITEUP VERIFIED
by laurent gaffie · textwebappsasp
https://www.exploit-db.com/exploits/29120

The provided text describes a SQL injection vulnerability in eClassifieds, where the 'sid' parameter in 'dirSub.asp' is not properly sanitized. It lacks actual exploit code but references a known CVE and vulnerability details.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: eClassifieds (version not specified)
No auth needed
Prerequisites: Access to the vulnerable endpoint · Basic knowledge of SQL injection techniques
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by laurent gaffie · textwebappsasp
https://www.exploit-db.com/exploits/29119

The provided text describes a SQL injection vulnerability in eClassifieds, where the 'cid' parameter in 'dircat.asp' is not properly sanitized. It lacks actual exploit code but references the vulnerability and potential impact.

Classification
Writeup 80%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: eClassifieds (version not specified)
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by laurent gaffie · textwebappsasp
https://www.exploit-db.com/exploits/29118

The provided text describes SQL injection vulnerabilities in eClassifieds, detailing multiple attack vectors via URL parameters. It lacks executable code but outlines the vulnerability's nature and potential impact.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: eClassifieds (version not specified)
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23050
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21192
Exploit, URL Repurposed x_refsource_misc
http://s-a-p.ca/index.php?page=OurAdvisories&id=46
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30423
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/452102/100/100/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1943
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4642

Scores

EPSS 0.0123
EPSS Percentile 64.9%

Details

Status published
Products (1)
enthrallweb/eclassifieds
Published Dec 01, 2006
Tracked Since Feb 18, 2026