ID OSVDB:36330
Type osvdb
Reporter OSVDB
Modified 2007-07-21T00:00:00
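Description
NetClassifieds ViewCat.php does not sanitize the s_user_id parameter before it reaches the database query, so a remote attacker can execute arbitrary SQL commands (CVE-2007-3354). The referenced advisory reports the Free, Standard, Professional, and Premium editions as vulnerable; this record does not name a fixed version. In web-server logs, a request to ViewCat.php whose s_user_id value contains a quote followed by union+select matches the test request below.
Manual Testing Notes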
http://[target]/ViewCat.php?s_user_id='+union+select+user_password+from+users+where%20user_id=1/*
References:
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0273.html
ISS X-Force ID: 34994
CVE ID: CVE-2007-3354
Bugtraq ID: 24584
{"bulletinFamily": "software", "viewCount": 17, "reporter": "OSVDB", "references": [], "description": "## Manual Testing Notes\nhttp://[target]/ViewCat.php?s_user_id='+union+select+user_password+from+users+where%20user_id=1/*\n## References:\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0273.html\nISS X-Force ID: 34994\n[CVE-2007-3354](https://vulners.com/cve/CVE-2007-3354)\nBugtraq ID: 24584\n", "affectedSoftware": [], "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "c83954063800ea1b18537ca484731d22"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "5a09514d46be389e7415d2805689c73a"}, {"key": "href", "hash": "8c61257aa94ec573f2e9ad6f1a5d1761"}, {"key": "modified", "hash": "1431b3b55a38ba12eef5c565aa5b1c9d"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "1431b3b55a38ba12eef5c565aa5b1c9d"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "4ba3ec600a0c8ca241f103b15cece10e"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "href": "https://vulners.com/osvdb/OSVDB:36330", "modified": "2007-07-21T00:00:00", "objectVersion": "1.2", "enchantments": {"score": {"value": 6.6, "vector": "NONE", "modified": "2017-04-28T13:20:32"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-3354"]}, {"type": "exploitdb", "idList": ["EDB-ID:30223"]}], "modified": "2017-04-28T13:20:32"}, "vulnersScore": 6.6}, "id": "OSVDB:36330", "title": "NetClassifieds ViewCat.php s_user_id Multiple Variable Remote SQL Injection", "hash": "8ab50213511c2f279ff9383be2049e138d161a8e4ce8dc74b0dd184eba200826", "edition": 1, "published": "2007-07-21T00:00:00", "type": "osvdb", "history": [], "cvss": {"score": 7.5, 
"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2007-3354"], "lastseen": "2017-04-28T13:20:32"}
{"cve": [{"lastseen": "2019-05-29T18:09:00", "bulletinFamily": "NVD", "description": "Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition allow remote attackers to execute arbitrary SQL commands via the s_user_id parameter to ViewCat.php and other unspecified vectors. NOTE: the CatID/ViewCat.php, CatID/gallery.php, and ItemNum/ViewItem.php vectors are already covered by CVE-2005-3978.", "modified": "2018-10-16T16:48:00", "id": "CVE-2007-3354", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3354", "published": "2007-06-22T18:30:00", "title": "CVE-2007-3354", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-03T11:59:59", "bulletinFamily": "exploit", "description": "NetClassifieds 1.9.7 Multiple Input Validation Vulnerabilities. CVE-2007-3354. Webapps exploit for php platform", "modified": "2007-06-21T00:00:00", "published": "2007-06-21T00:00:00", "id": "EDB-ID:30223", "href": "https://www.exploit-db.com/exploits/30223/", "type": "exploitdb", "title": "NetClassifieds <= 1.9.7 - Multiple Input Validation Vulnerabilities", "sourceData": "source: http://www.securityfocus.com/bid/24584/info\r\n\r\nNetClassifieds is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues and cross-site scripting issues.\r\n\r\nA successful exploit may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n\r\nNetClassifieds Free, Standard, Professional, and Premium editions are reported vulnerable. 
\r\n\r\nhttp://www.example.com/ViewCat.php?CatID=-8+union+select+1,email,3+from+users/*\r\nhttp://www.example.com/ViewCat.php?s_user_id='+union+select+user_password+from+users+where%20user_id=1/* ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/30223/"}]}