CVE-2006-6756

Ixprim CMS 1.2 - Unauthenticated Brute Force Attack via Guessable IXP_CODE

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6756. PoCs published by DarkFig.

AI-analyzed exploit summary: This Perl script exploits a blind SQL injection vulnerability in Ixprim 1.2 CMS by targeting the 'story_id' parameter in 'ixm_ixpnews.php'. It extracts administrator credentials, password hashes, and the confidential IXP code via time-based blind SQLi techniques.

Description

The code function in install.fct.php in Ixprim 1.2 produces a guessable value of the confidential IXP_CODE in mainfile.php, which might allow remote attackers to gain access to the administration panel via a brute force attack.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by DarkFig · perl · webapps · php
https://www.exploit-db.com/exploits/2975

Classification: Working PoC (95%)
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Ixprim CMS 1.2
Authentication: No auth needed
Prerequisites: Target must have at least one comment posted · LOAD_FILE privilege for retrieving the IXP code
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/31142
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/455084/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2975
Exploit x_refsource_misc
http://acid-root.new.fr/poc/16061221.txt
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2073

Scores

EPSS 0.0224
EPSS Percentile 80.5%

Details

Status published
Products (1)
ixprim/ixprim_cms 1.2
Published Dec 27, 2006
Tracked Since Feb 18, 2026