CVE-2007-4110

Message Board/Threaded Discussion Forum App Template - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4110. PoCs published by Aria-Security Team.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in Message Board / Threaded Discussion Forum by injecting a malicious string into the password field, bypassing authentication. The payload 'anything' OR 'x'='x' manipulates the SQL query to return true, allowing unauthorized access.

Description

SQL injection vulnerability in sign_in.aspx in Message Board / Threaded Discussion Forum Application Template allows remote attackers to execute arbitrary SQL commands via the Password parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Aria-Security Team · textwebappsasp

https://www.exploit-db.com/exploits/30426

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in Message Board / Threaded Discussion Forum by injecting a malicious string into the password field, bypassing authentication. The payload 'anything' OR 'x'='x' manipulates the SQL query to return true, allowing unauthorized access.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Message Board / Threaded Discussion Forum

No auth needed

Prerequisites: Valid username (e.g., 'admin')

MITRE ATT&CK