ID: EDB-ID:27814
Type: exploitdb
Reporter: r0t
Modified: 2006-05-03T00:00:00
Description
CyberBuild 0 browse0.htm ProductIndex Parameter SQL Injection. CVE-2006-2179. Webapps exploit for asp platform
source: http://www.securityfocus.com/bid/17829/info
CyberBuild is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.
http://www.example.com/browse0.htm?ProductIndex=[SQL]
{"id": "EDB-ID:27814", "hash": "eab1d9da40c3313484e3b5e5d7d8aba0", "type": "exploitdb", "bulletinFamily": "exploit", "title": "CyberBuild - browse0.htm ProductIndex Parameter SQL Injection", "description": "CyberBuild 0 browse0.htm ProductIndex Parameter SQL Injection. CVE-2006-2179. Webapps exploit for asp platform", "published": "2006-05-03T00:00:00", "modified": "2006-05-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/27814/", "reporter": "r0t", "references": [], "cvelist": ["CVE-2006-2179"], "lastseen": "2016-02-03T06:47:54", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2016-02-03T06:47:54"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-2179"]}, {"type": "exploitdb", "idList": ["EDB-ID:27813"]}, {"type": "osvdb", "idList": ["OSVDB:25196", "OSVDB:25195"]}], "modified": "2016-02-03T06:47:54"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/27814/", "sourceData": "source: http://www.securityfocus.com/bid/17829/info\r\n \r\nCyberBuild is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. \r\n \r\nA successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.\r\n\r\nhttp://www.example.com/browse0.htm?ProductIndex=[SQL]", "osvdbidlist": ["25196"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:08:32", "bulletinFamily": "NVD", "description": "Multiple SQL injection vulnerabilities in CyberBuild allow remote attackers to execute arbitrary SQL commands via the (1) SessionID parameter to login.asp or (2) ProductIndex parameter to browse0.htm.", "modified": "2017-07-20T01:31:00", "id": "CVE-2006-2179", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2179", "published": "2006-05-04T12:38:00", "title": "CVE-2006-2179", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "description": "## Vulnerability Description\nCyberBuild contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'login.asp' script not properly sanitizing user-supplied input to the 'SessionID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nCyberBuild contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'login.asp' script not properly sanitizing user-supplied input to the 'SessionID' variable. 
This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\n/login.asp?SessionID=[SQL]\n## References:\nVendor URL: http://www.smartwin.com.au/cyberbuild.htm\n[Secunia Advisory ID:19889](https://secuniaresearch.flexerasoftware.com/advisories/19889/)\n[Related OSVDB ID: 25196](https://vulners.com/osvdb/OSVDB:25196)\n[Related OSVDB ID: 25197](https://vulners.com/osvdb/OSVDB:25197)\n[Related OSVDB ID: 25198](https://vulners.com/osvdb/OSVDB:25198)\n[Related OSVDB ID: 25199](https://vulners.com/osvdb/OSVDB:25199)\nOther Advisory URL: http://pridels.blogspot.com/2006/05/cyberbuild-vuln.html\nISS X-Force ID: 26201\nFrSIRT Advisory: ADV-2006-1630\n[CVE-2006-2179](https://vulners.com/cve/CVE-2006-2179)\nBugtraq ID: 17829\n", "modified": "2006-05-01T05:02:36", "published": "2006-05-01T05:02:36", "href": "https://vulners.com/osvdb/OSVDB:25195", "id": "OSVDB:25195", "title": "CyberBuild login.asp SessionID Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "description": "## Vulnerability Description\nCyberBuild contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'browse0.htm' script not properly sanitizing user-supplied input to the 'ProductIndex' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nCyberBuild contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'browse0.htm' script not properly sanitizing user-supplied input to the 'ProductIndex' variable. 
This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\n/browse0.htm?ProductIndex=[SQL]\n## References:\nVendor URL: http://www.smartwin.com.au/cyberbuild.htm\n[Secunia Advisory ID:19889](https://secuniaresearch.flexerasoftware.com/advisories/19889/)\n[Related OSVDB ID: 25197](https://vulners.com/osvdb/OSVDB:25197)\n[Related OSVDB ID: 25198](https://vulners.com/osvdb/OSVDB:25198)\n[Related OSVDB ID: 25199](https://vulners.com/osvdb/OSVDB:25199)\n[Related OSVDB ID: 25195](https://vulners.com/osvdb/OSVDB:25195)\nOther Advisory URL: http://pridels.blogspot.com/2006/05/cyberbuild-vuln.html\nISS X-Force ID: 26201\nFrSIRT Advisory: ADV-2006-1630\n[CVE-2006-2179](https://vulners.com/cve/CVE-2006-2179)\nBugtraq ID: 17829\n", "modified": "2006-05-01T05:02:36", "published": "2006-05-01T05:02:36", "href": "https://vulners.com/osvdb/OSVDB:25196", "id": "OSVDB:25196", "title": "CyberBuild browse0.htm ProductIndex Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T06:47:44", "bulletinFamily": "exploit", "description": "CyberBuild 0 login.asp SessionID Parameter SQL Injection. CVE-2006-2179. Webapps exploit for asp platform", "modified": "2006-05-03T00:00:00", "published": "2006-05-03T00:00:00", "id": "EDB-ID:27813", "href": "https://www.exploit-db.com/exploits/27813/", "type": "exploitdb", "title": "CyberBuild - login.asp SessionID Parameter SQL Injection", "sourceData": "source: http://www.securityfocus.com/bid/17829/info\r\n\r\nCyberBuild is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. 
\r\n\r\nA successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database implementation. Other attacks are also possible.\r\n\r\nhttp://www.example.com/login.asp?SessionID=[SQL]", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/27813/"}]}