Exploitation Summary
EIP tracks 3 public exploits for CVE-2007-6544. PoCs published by sh2kerr, DSecRG.
Description
Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.
Exploits (3)
This Perl script exploits a blind SQL injection vulnerability in RunCMS 1.6 to extract the admin password hash. It uses binary search and ASCII value comparison to evade IDS detection.
This advisory details multiple vulnerabilities in RunCMS 1.6, including SQL injection, XSS, PHP injection, and predictable session IDs. It provides specific endpoints and payloads for exploitation but does not include functional exploit code.
This Perl script exploits a blind SQL injection vulnerability in RunCMS 1.6 to extract admin session cookies by brute-forcing character values via ASCII comparisons. It targets multiple modules and constructs malicious queries to leak session data.