CVE-2006-6337

Aspee/Dogantepe Ziyaretci Defteri - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6337. PoCs published by ShaFuq31.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in Aspee Ziyaretçi Defteri by providing a crafted HTML form that submits malicious input to bypass authentication. The payload uses single quotes and logical operators to manipulate the SQL query.

Description

Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogantepe Ziyaretci Defteri allow remote attackers to execute arbitrary SQL commands via the (1) kullanici or (2) parola parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ShaFuq31 · htmlwebappsasp

https://www.exploit-db.com/exploits/29216

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in Aspee Ziyaretçi Defteri by providing a crafted HTML form that submits malicious input to bypass authentication. The payload uses single quotes and logical operators to manipulate the SQL query.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Aspee Ziyaretçi Defteri (version unspecified)

No auth needed

Prerequisites: Access to the login page of the vulnerable application

MITRE ATT&CK