CVE-2006-6343

Neocrome Seditio <1.10 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6343. PoCs published by ajann.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in Seditio and Land Down Under, allowing an attacker to write arbitrary PHP code to a file via the 'INTO OUTFILE' clause. The payload includes a PHP include statement that could lead to remote code execution if the file is accessible.

Description

SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · textwebappsphp

https://www.exploit-db.com/exploits/29202

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in Seditio and Land Down Under, allowing an attacker to write arbitrary PHP code to a file via the 'INTO OUTFILE' clause. The payload includes a PHP include statement that could lead to remote code execution if the file is accessible.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Seditio 1.10, Land Down Under 8.x

No auth needed

Prerequisites: Access to the polls.php endpoint · Write permissions in the target directory

MITRE ATT&CK