Exploitation Summary
EIP tracks 3 public exploits for CVE-2006-6478. PoCs published by Mr_KaLiMaN.
AI-analyzed exploit summary The provided text describes SQL injection and XSS vulnerabilities in AnnonceScriptHP V2.0, with an example URL demonstrating the SQL injection point. No actual exploit code is included.
Description
Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) email.php, the (2) no parameter in (b) voirannonce.php, the (3) idmembre parameter in (c) admin/admin_membre/fiche_membre.php, and the (4) idannonce parameter in (d) admin/admin_annonce/okvalannonce.php and (e) admin/admin_annonce/changeannonce.php.
Exploits (3)
The provided text describes SQL injection and XSS vulnerabilities in AnnonceScriptHP V2.0, with an example URL demonstrating the SQL injection point. No actual exploit code is included.
The provided text describes SQL injection and XSS vulnerabilities in AnnonceScriptHP V2.0, specifically in the email.php file via the 'id' parameter. It lacks actual exploit code but details the vulnerability and potential impact.
The provided text describes SQL injection and XSS vulnerabilities in AnnonceScriptHP V2.0, specifically in the 'fiche_membre.php' script via the 'idmembre' parameter. It lacks actual exploit code but details the vulnerability and potential impact.