CVE-2006-6861

Outfront Spooky Login 2.7 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6861. PoCs published by Doz.

AI-analyzed exploit summary The provided text describes SQL injection and XSS vulnerabilities in Spooky Login 2.7 due to improper input sanitization. It includes a sample URL demonstrating SQL injection but lacks executable exploit code.

Description

Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Doz · textwebappsasp

https://www.exploit-db.com/exploits/29373

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in Spooky Login 2.7 due to improper input sanitization. It includes a sample URL demonstrating SQL injection but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: Spooky Login 2.7

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/21822

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/455603/100/0/threaded

Scores

EPSS 0.0134

EPSS Percentile 67.6%

Details

Status published

Products (1)

outfront/spooky_login 2.7

Published Dec 31, 2006

Tracked Since Feb 18, 2026