CVE-2006-6349

PWP Technologies The Classified Ad System - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6349. PoCs published by ajann.

AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in The Classified Ad System 1.0 by injecting a UNION-based SQL query to extract admin credentials. It interacts with the target via HTTP and parses the response to display the username and password.

Description

Multiple SQL injection vulnerabilities in PWP Technologies The Classified Ad System allow remote attackers to execute arbitrary SQL commands via (1) the main parameter in a view action (includes/mainpage/view.asp) in default.asp or (2) a query in the search engine.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · perlwebappsasp

https://www.exploit-db.com/exploits/3015

View Code ZIP pw:eip

This Perl script exploits a SQL injection vulnerability in The Classified Ad System 1.0 by injecting a UNION-based SQL query to extract admin credentials. It interacts with the target via HTTP and parses the response to display the username and password.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: The Classified Ad System 1.0

No auth needed

Prerequisites: Target must be running The Classified Ad System 1.0 · Target must have the vulnerable 'main' parameter exposed

MITRE ATT&CK