CVE-2006-5059
published 2006-09-28CVE-2006-5059: Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads 5.4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the Cat…
PriorityP418medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EPSS
1.38%
68.7th percentile
Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads 5.4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the Cat parameter to (1) dosearch.php, (2) postlist.php, (3) showmembers.php, (4) faq_english.php, (5) online.php, (6) login.php, (7) newuser.php, (8) wwwthreads.php, (9) search.php, or (10) postlist.php.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wired_community_software | wwwthreads | <= 5.4.2 | — |
| wired_community_software | wwwthreads | — | — |
| wired_community_software | wwwthreads | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Wired Community Software WWWthreads 5.4/5.4.2/Rc3 dosearch.php Cat cross site scripting (BID-20178 / SA22211)
vuldb·2026-04-23·CVSS 5.1
CVE-2006-5059 [MEDIUM] Wired Community Software WWWthreads 5.4/5.4.2/Rc3 dosearch.php Cat cross site scripting (BID-20178 / SA22211)
A vulnerability labeled as problematic has been found in Wired Community Software WWWthreads 5.4/5.4.2/Rc3. This affects an unknown part of the file dosearch.php. Executing a manipulation of the argument Cat can lead to basic cross site scripting.
This vulnerability appears as CVE-2006-5059. The attack may be performed from remote. There is no available exploit.
GHSA
GHSA-fm68-3v2f-mfmh: Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads 5
ghsa_unreviewed·2022-05-01
CVE-2006-5059 [MEDIUM] GHSA-fm68-3v2f-mfmh: Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads 5
Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads 5.4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the Cat parameter to (1) dosearch.php, (2) postlist.php, (3) showmembers.php, (4) faq_english.php, (5) online.php, (6) login.php, (7) newuser.php, (8) wwwthreads.php, (9) search.php, or (10) postlist.php.
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod ASCII
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod ASCII"; flow:established,to_server; http.uri; content:"/verify.php?"; nocase; content:"nick_mod="; nocase; content:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006301; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_t
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod UPDATE
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod UPDATE"; flow:established,to_server; http.uri; content:"/verify.php?"; nocase; content:"nick_mod="; nocase; content:"UPDATE"; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006302; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_tec
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick DELETE
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick DELETE"; flow:established,to_server; http.uri; content:"/verify.php?"; nocase; content:"nick="; nocase; content:"DELETE"; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006294; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick UPDATE
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick UPDATE"; flow:established,to_server; http.uri; content:"/verify.php?"; nocase; content:"nick="; nocase; content:"UPDATE"; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006296; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick ASCII
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick ASCII"; flow:established,to_server; http.uri; content:"/verify.php?"; nocase; content:"nick="; nocase; content:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006295; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick INSERT
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick INSERT"; flow:established,to_server; http.uri; content:"/verify.php?"; nocase; content:"nick="; nocase; content:"INSERT"; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006293; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod DELETE
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod DELETE"; flow:established,to_server; http.uri; content:"/verify.php?"; nocase; content:"nick_mod="; nocase; content:"DELETE"; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006300; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_te
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod UNION SELECT
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod UNION SELECT"; flow:established,to_server; http.uri; content:"/repass.php?"; nocase; content:"nick_mod="; nocase; content:"UNION"; nocase; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006280; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acc
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod SELECT
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod SELECT"; flow:established,to_server; http.uri; content:"/repass.php?"; nocase; content:"nick_mod="; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006279; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_te
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick UNION SELECT
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick UNION SELECT"; flow:established,to_server; http.uri; content:"/verify.php?"; nocase; content:"nick="; nocase; content:"UNION"; nocase; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006292; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_t
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod INSERT
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod INSERT"; flow:established,to_server; http.uri; content:"/verify.php?"; nocase; content:"nick_mod="; nocase; content:"INSERT"; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006299; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_te
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod SELECT
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod SELECT"; flow:established,to_server; http.uri; content:"/verify.php?"; nocase; content:"nick_mod="; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006297; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_te
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick UPDATE
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick UPDATE"; flow:established,to_server; http.uri; content:"/repass.php?"; nocase; content:"nick="; nocase; content:"UPDATE"; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006290; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod DELETE
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod DELETE"; flow:established,to_server; http.uri; content:"/repass.php?"; nocase; content:"nick_mod="; nocase; content:"DELETE"; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006282; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_te
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick DELETE
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick DELETE"; flow:established,to_server; http.uri; content:"/repass.php?"; nocase; content:"nick="; nocase; content:"DELETE"; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006288; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick ASCII
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick ASCII"; flow:established,to_server; http.uri; content:"/repass.php?"; nocase; content:"nick="; nocase; content:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006289; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod ASCII
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod ASCII"; flow:established,to_server; http.uri; content:"/repass.php?"; nocase; content:"nick_mod="; nocase; content:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006283; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_t
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod UNION SELECT
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod UNION SELECT"; flow:established,to_server; http.uri; content:"/verify.php?"; nocase; content:"nick_mod="; nocase; content:"UNION"; nocase; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006298; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acc
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick SELECT
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick SELECT"; flow:established,to_server; http.uri; content:"/verify.php?"; nocase; content:"nick="; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006291; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick SELECT
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick SELECT"; flow:established,to_server; http.uri; content:"/repass.php?"; nocase; content:"nick="; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006285; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod INSERT
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod INSERT"; flow:established,to_server; http.uri; content:"/repass.php?"; nocase; content:"nick_mod="; nocase; content:"INSERT"; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006281; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_te
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod UPDATE
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod UPDATE"; flow:established,to_server; http.uri; content:"/repass.php?"; nocase; content:"nick_mod="; nocase; content:"UPDATE"; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006284; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_tec
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick INSERT
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick INSERT"; flow:established,to_server; http.uri; content:"/repass.php?"; nocase; content:"nick="; nocase; content:"INSERT"; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006287; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick UNION SELECT
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick UNION SELECT"; flow:established,to_server; http.uri; content:"/repass.php?"; nocase; content:"nick="; nocase; content:"UNION"; nocase; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006286; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_t
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/22211http://securityreason.com/securityalert/1645http://www.securityfocus.com/archive/1/446911/100/0/threadedhttp://www.securityfocus.com/bid/20178http://www.vupen.com/english/advisories/2006/3858http://secunia.com/advisories/22211http://securityreason.com/securityalert/1645http://www.securityfocus.com/archive/1/446911/100/0/threadedhttp://www.securityfocus.com/bid/20178http://www.vupen.com/english/advisories/2006/3858
2006-09-28
Published