CVE-2007-1295

AJ Forum 1.0 - SQL Injection via td_id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1295. PoCs published by ajann.

AI-analyzed exploit summary This Perl script exploits a blind SQL injection vulnerability in AJ Forum 1.0 via the 'topic_title.php' endpoint. It extracts admin credentials by injecting a UNION-based SQL query to retrieve usernames and passwords from the 'members' table.

Description

SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · perlwebappsphp

https://www.exploit-db.com/exploits/3411

View Code ZIP pw:eip

This Perl script exploits a blind SQL injection vulnerability in AJ Forum 1.0 via the 'topic_title.php' endpoint. It extracts admin credentials by injecting a UNION-based SQL query to retrieve usernames and passwords from the 'members' table.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: AJ Forum 1.0

No auth needed

Prerequisites: Target must be running AJ Forum 1.0 with vulnerable 'topic_title.php' endpoint · Network access to the target web server

MITRE ATT&CK