CVE-2006-6873
eNdonesia 8.4 - SQL Injection via mod.php did or cid Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-6873. PoCs published by z1ckX(ru).
AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in Endonesia8.4, including XSS, SQL injection, and local file inclusion, with a focus on SQLi for RCE via a web shell. The PoC provides clear examples of exploitable endpoints and payloads.
Description
Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the did parameter in a (a) viewdisk operation (diskusi mod), or the (2) cid parameter in a (b) viewlink (katalog mod) or (b) viewcat (diskusi mod) operation.
Exploits (1)
This exploit demonstrates multiple vulnerabilities in Endonesia8.4, including XSS, SQL injection, and local file inclusion, with a focus on SQLi for RCE via a web shell. The PoC provides clear examples of exploitable endpoints and payloads.