CVE-2006-6237

Woltlab Burning Board Lite 1.0.2 - SQL Injection via Thread Visit Cookie Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6237. PoCs published by rgod.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in Woltlab Burning Board Lite 1.0.2 via the `threadvisit` cookie parameter. It extracts the admin's username and password hash by leveraging blind SQL injection techniques.

Description

SQL injection vulnerability in the decode_cookie function in thread.php in Woltlab Burning Board Lite 1.0.2 allows remote attackers to execute arbitrary SQL commands via the threadvisit Cookie parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/2841

View Code ZIP pw:eip

This exploit targets a SQL injection vulnerability in Woltlab Burning Board Lite 1.0.2 via the `threadvisit` cookie parameter. It extracts the admin's username and password hash by leveraging blind SQL injection techniques.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Woltlab Burning Board Lite 1.0.2

No auth needed

Prerequisites: Valid thread ID · Valid user ID (preferably admin)

MITRE ATT&CK