CVE-2008-6527

GO4I.NET ASP Forum 1.0 - SQL Injection via iFor Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6527. PoCs published by Bl@ckbe@rD.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Asp Forum v1.0, allowing an attacker to extract user credentials via a crafted URL parameter. The PoC includes a sample query to dump the 'u_password' and 'u_id' fields from the 'users' table.

Description

SQL injection vulnerability in forum.asp in GO4I.NET ASP Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the iFor parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Bl@ckbe@rD · textwebappsphp

https://www.exploit-db.com/exploits/6930

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in Asp Forum v1.0, allowing an attacker to extract user credentials via a crafted URL parameter. The PoC includes a sample query to dump the 'u_password' and 'u_id' fields from the 'users' table.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Asp Forum v1.0

No auth needed

Prerequisites: Target running Asp Forum v1.0 with exposed 'forum.asp' endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46514

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/6930

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/32066

Scores

EPSS 0.0110

EPSS Percentile 61.4%

Details

CWE

CWE-89

Status published

Products (1)

go4i/go41.net_asp_forum 1.0

Published Mar 25, 2009

Tracked Since Feb 18, 2026