EV0074.txt

🗓️ 22 Feb 2006 00:00:00Reported by Aliaksandr HartsuyeuType

packetstorm🔗 packetstormsecurity.com👁 57 Views

New eVuln Advisory: BirthSys SQL Injection Vulnerability in show.ph

Reporter	Title	Published	Views	Family All 6
CVE	CVE-2006-0775	19 Feb 200600:00	–	cve
Cvelist	CVE-2006-0775	19 Feb 200600:00	–	cvelist
EUVD	EUVD-2006-0781	7 Oct 202500:30	–	euvd
NVD	CVE-2006-0775	19 Feb 200600:02	–	nvd
Prion	Sql injection	19 Feb 200600:02	–	prion
securityvulns	[eVuln] BirthSys SQL Injection Vulnerability	22 Feb 200600:00	–	securityvulns

`New eVuln Advisory:  
BirthSys SQL Injection Vulnerability  
http://evuln.com/vulns/74/summary.html  
  
--------------------Summary----------------  
eVuln ID: EV0074  
CVE: CVE-2006-0775  
Software: BirthSys  
Sowtware's Web Site: http://clvfoto.free.fr/site/download.php3  
Versions: 3.1  
Critical Level: Moderate  
Type: SQL Injection  
Class: Remote  
Status: Unpatched. No reply from developer(s)  
Exploit: Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
-----------------Description---------------  
Vulnerable script: show.php  
  
Variables $month $date are not properly sanitized. This can be used to make any SQL query by injecting arbitrary SQL code.  
  
--------------Exploit----------------------  
Available at: http://evuln.com/vulns/74/exploit.html  
  
SQL Injection Example.  
  
http://host/show.php3? month=99%20union% 20select%201, 2,3,4,5/*  
  
--------------Solution---------------------  
No Patch available.  
  
--------------Credit-----------------------  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
  
Regards,  
Aliaksandr Hartsuyeu  
http://evuln.com - Penetration Testing Services  
.  
`

22 Feb 2006 00:00Current

6.7Medium risk

Vulners AI Score6.7

EPSS0.01971