CVE-2006-6189
Published 2006-12-01
CVE-2006-6189: SQL injection vulnerability in displayCalendar.asp in ClickTech Click Blog allows remote attackers to execute arbitrary SQL commands via the date parameter.
Priority: P338 · Severity: high · CVSS 2.0 base score: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.08% (60.8th percentile)
Suricata · 2010-07-30 · CVSS 7.5
CVE-2006-6189 [HIGH] ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date DELETE"; flow:established,to_server; http.uri; content:"/displayCalendar.asp?"; nocase; content:"date="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6189; reference:url,www.securityfocus.com/bid/21310; classtype:web-application-attack; sid:2007226; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_t
Suricata · 2010-07-30 · CVSS 7.5
CVE-2006-6189 [HIGH] ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date UPDATE"; flow:established,to_server; http.uri; content:"/displayCalendar.asp?"; nocase; content:"date="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2006-6189; reference:url,www.securityfocus.com/bid/21310; classtype:web-application-attack; sid:2007228; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_ta
Suricata · 2010-07-30 · CVSS 7.5
CVE-2006-6189 [HIGH] ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date ASCII"; flow:established,to_server; http.uri; content:"/displayCalendar.asp?"; nocase; content:"date="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6189; reference:url,www.securityfocus.com/bid/21310; classtype:web-application-attack; sid:2007227; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_t
Suricata · 2010-07-30 · CVSS 7.5
CVE-2006-6189 [HIGH] ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date SELECT"; flow:established,to_server; http.uri; content:"/displayCalendar.asp?"; nocase; content:"date="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6189; reference:url,www.securityfocus.com/bid/21310; classtype:web-application-attack; sid:2007223; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_t
Suricata · 2010-07-30 · CVSS 7.5
CVE-2006-6189 [HIGH] ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date INSERT"; flow:established,to_server; http.uri; content:"/displayCalendar.asp?"; nocase; content:"date="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2006-6189; reference:url,www.securityfocus.com/bid/21310; classtype:web-application-attack; sid:2007225; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_t
Suricata · 2010-07-30 · CVSS 7.5
CVE-2006-6189 [HIGH] ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date UNION SELECT"; flow:established,to_server; http.uri; content:"/displayCalendar.asp?"; nocase; content:"date="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6189; reference:url,www.securityfocus.com/bid/21310; classtype:web-application-attack; sid:2007224; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA
Exploit-DB · 2007-11-27
CVE-2007-6189 BitDefender Online Scanner 8 - ActiveX Heap Overflow
---
BitDefender OScan8.ocx / Oscan81.ocx ActiveX Exploit
=-=-=-=-=-=-=-=-=-=-=-=-PRIVATE! NOT PUBLIC!=-=-=-=-=-=-=-=-=-=-=-=-
http://research.eeye.com/html/advisories/published/AD20071120.html
http://secunia.com/advisories/27717/
This does not work 100% of the time - it corrupts random memory in the browser and launches calculator with success.
Users have had this installed since 2006! With no autoupdates :)
Google Search of BD OSCAN =
http://www.google.com/search?hl=ar&safe=off&rls=fr&hs=P4T&q=%225D86DDB5-BDF9-441B-9E9E-D4730F4EE499%22&btnG=Search
Modify the values in these to help keep it stable:
'SiteAuthority' - different memory address ?? - it turns values to literal address !
while (SiteAuthority.length
SCPL = unescape("%u9090%u9090%u90
Exploit-DB · 2006-11-27
CVE-2006-6189 Clickblog - 'Displaycalendar.asp' SQL Injection
---
source: https://www.securityfocus.com/bid/21310/info
Clickblog is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/displayCalendar.asp?date=[SQL Injection]
No writeups or analysis indexed.
References:
http://securityreason.com/securityalert/1934
http://www.aria-security.com/forum/showthread.php?t=50
http://www.securityfocus.com/archive/1/452730/100/0/threaded
http://www.securityfocus.com/bid/21310
https://exchange.xforce.ibmcloud.com/vulnerabilities/30537