CVE-2007-6579

Ip Reg 0.3 - SQL Injection via vlan_id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6579. PoCs published by MhZ91.

AI-analyzed exploit summary This exploit demonstrates multiple SQL injection vulnerabilities in Ip Reg v0.3, allowing an attacker to extract user credentials (username, password, and display name) from the database by manipulating the 'vlan_id' and other parameters in various PHP scripts.

Description

Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote attackers to execute arbitrary SQL commands via the vlan_id parameter to (1) vlanview.php, (2) vlanedit.php, and (3) vlandel.php; the (4) assetclassgroup_id parameter to assetclassgroupview.php; the (5) subnet_id parameter to nodelist.php; and unspecified other vectors. NOTE: it was later reported that the vlanview.php and vlandel.php vectors are also in 0.4.

Exploits (1)

exploitdb WORKING POC VERIFIED

by MhZ91 · textwebappsphp

https://www.exploit-db.com/exploits/4771

View Code ZIP pw:eip

This exploit demonstrates multiple SQL injection vulnerabilities in Ip Reg v0.3, allowing an attacker to extract user credentials (username, password, and display name) from the database by manipulating the 'vlan_id' and other parameters in various PHP scripts.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Ip Reg v0.3

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK