CVE-2010-4356

Site2Nite Big Truck Broker - SQL Injection via txtSiteId Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4356. PoCs published by underground-stockholm.com.

AI-analyzed exploit summary This HTML form demonstrates a SQL injection vulnerability in Site2Nite Big Truck Broker by submitting a malformed 'txtSiteId' parameter. The payload '-1 union insect' is a basic test for SQLi, though it may not be fully functional without refinement.

Description

SQL injection vulnerability in news_default.asp in Site2Nite Big Truck Broker allows remote attackers to execute arbitrary SQL commands via the txtSiteId parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by underground-stockholm.com · htmlwebappsasp

https://www.exploit-db.com/exploits/15627

View Code ZIP pw:eip

This HTML form demonstrates a SQL injection vulnerability in Site2Nite Big Truck Broker by submitting a malformed 'txtSiteId' parameter. The payload '-1 union insect' is a basic test for SQLi, though it may not be fully functional without refinement.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: Site2Nite Big Truck Broker

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/15627

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42383

Exploit x_refsource_misc

http://packetstormsecurity.org/files/view/96148/site2nitebigtruck-sql.txt

Scores

EPSS 0.0098

EPSS Percentile 57.5%

Details

CWE

CWE-89

Status published

Products (1)

site2nite/big_truck_broker

Published Dec 01, 2010

Tracked Since Feb 18, 2026