CVE-2006-1708
Published: 2006-04-11
Priority: P337 | Severity: high | CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.48% (70.7th percentile)
SQL injection vulnerability in member.php in Clansys 1.1 allows remote attackers to execute arbitrary SQL commands via the showid parameter in the member page to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clansys | clansys | — | — |
No detection rules found.
Exploit-DB
Skulltag 0.96f - Version String Remote Format String (PoC)
exploitdb·2006-04-23
CVE-2006-2012 Skulltag 0.96f - Version String Remote Format String (PoC)
---
#######################################################################
Luigi Auriemma
Application: Skulltag
http://www.skulltag.com
Versions: <= 0.96f
Platforms: Windows
Bug: format string
Exploitation: remote, versus server
Date: 23 Apr 2006
Author: Luigi Auriemma
e-mail: [email protected]
web: http://aluigi.altervista.org
#######################################################################
Backup: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/1708.zip (04232006-skulltagfs.zip)
# milw0rm.com [2006-04-23]
Exploit-DB
Clansys 1.1 (showid) - SQL Injection
exploitdb·2006-04-10
CVE-2006-1708 Clansys 1.1 (showid) - SQL Injection
---
> Internet Security |
|---==============================================================---|
title: clansys 1.1 remote sql injection
release: 2006-04-10
author: snatcher [snatcher at gmx.ch]
country: switzerland |+|
application: clansys 1.1
description: a php / mysql based clan content management system
download: http://www.clanscripte.net/main.php?content=download&do=file&dlid=113
description: you can get each password with a simple sql injection. the password
is base64 encoded, but it's easy to decode, that means, you will get
the password in plaintext :)
fingerprint: google -> "Clansys v.1.1" -> 4'030
msn -> "Clansys v.1.1" -> 529
conditions:
greets: honkey, str0ke (.*?)Details!",
$html_content,$username); /* gets username */
preg_match_all("
No writeups or analysis indexed.
http://secunia.com/advisories/19609
http://securitytracker.com/id?1015935
http://www.securityfocus.com/bid/17456
http://www.vupen.com/english/advisories/2006/1295
https://exchange.xforce.ibmcloud.com/vulnerabilities/25746
https://www.exploit-db.com/exploits/1662