CVE-2006-6755

ixprim_cms 1.2 - Information Disclosure via FCKeditor Plugin Path Exposure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6755. PoCs published by DarkFig.

AI-analyzed exploit summary This Perl script exploits a blind SQL injection vulnerability in Ixprim 1.2 CMS by targeting the 'story_id' parameter in 'ixm_ixpnews.php'. It extracts administrator credentials, password hashes, and the confidential IXP code via time-based blind SQLi techniques.

Description

Ixprim 1.2 allows remote attackers to obtain sensitive information via a direct request for kernel/plugins/fckeditor2/ixprim_api.php, which reveals the path in an error message.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DarkFig · perlwebappsphp

https://www.exploit-db.com/exploits/2975

View Code ZIP pw:eip

This Perl script exploits a blind SQL injection vulnerability in Ixprim 1.2 CMS by targeting the 'story_id' parameter in 'ixm_ixpnews.php'. It extracts administrator credentials, password hashes, and the confidential IXP code via time-based blind SQLi techniques.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Ixprim CMS 1.2

No auth needed

Prerequisites: Target must have at least one comment posted · LOAD_FILE privilege for retrieving the IXP code

MITRE ATT&CK