CVE-2006-6342
Published 2006-12-07
Priority: P340, high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 0.99% (58.2th percentile)
Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) agent parameters in (a) search_listing.asp, and the (3) property_id parameter in (b) detail.asp.
Suricata
ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent DELETE
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent DELETE"; flow:established,to_server; http.uri; content:"/search_listing.asp?"; nocase; content:"agent="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6342; reference:url,www.securityfocus.com/bid/21199; classtype:web-application-attack; sid:2006769; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at
Suricata
ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent ASCII
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent ASCII"; flow:established,to_server; http.uri; content:"/search_listing.asp?"; nocase; content:"agent="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6342; reference:url,www.securityfocus.com/bid/21199; classtype:web-application-attack; sid:2006770; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at
Suricata
ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent INSERT
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent INSERT"; flow:established,to_server; http.uri; content:"/search_listing.asp?"; nocase; content:"agent="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2006-6342; reference:url,www.securityfocus.com/bid/21199; classtype:web-application-attack; sid:2006768; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at
Suricata
ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent SELECT
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent SELECT"; flow:established,to_server; http.uri; content:"/search_listing.asp?"; nocase; content:"agent="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6342; reference:url,www.securityfocus.com/bid/21199; classtype:web-application-attack; sid:2006766; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at
Suricata
ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category DELETE
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category DELETE"; flow:established,to_server; http.uri; content:"/search_listing.asp?"; nocase; content:"category="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6342; reference:url,www.securityfocus.com/bid/21199; classtype:web-application-attack; sid:2006763; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, up
Suricata
ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category UNION SELECT
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category UNION SELECT"; flow:established,to_server; http.uri; content:"/search_listing.asp?"; nocase; content:"category="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6342; reference:url,www.securityfocus.com/bid/21199; classtype:web-application-attack; sid:2006761; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_
Suricata
ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent UNION SELECT
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent UNION SELECT"; flow:established,to_server; http.uri; content:"/search_listing.asp?"; nocase; content:"agent="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6342; reference:url,www.securityfocus.com/bid/21199; classtype:web-application-attack; sid:2006767; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection
Suricata
ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category SELECT
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category SELECT"; flow:established,to_server; http.uri; content:"/search_listing.asp?"; nocase; content:"category="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6342; reference:url,www.securityfocus.com/bid/21199; classtype:web-application-attack; sid:2006760; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, upd
Suricata
ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category ASCII
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category ASCII"; flow:established,to_server; http.uri; content:"/search_listing.asp?"; nocase; content:"category="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6342; reference:url,www.securityfocus.com/bid/21199; classtype:web-application-attack; sid:2006764; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, up
Suricata
ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent UPDATE
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent UPDATE"; flow:established,to_server; http.uri; content:"/search_listing.asp?"; nocase; content:"agent="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2006-6342; reference:url,www.securityfocus.com/bid/21199; classtype:web-application-attack; sid:2006771; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2
Suricata
ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category UPDATE
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category UPDATE"; flow:established,to_server; http.uri; content:"/search_listing.asp?"; nocase; content:"category="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2006-6342; reference:url,www.securityfocus.com/bid/21199; classtype:web-application-attack; sid:2006765; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, upd
Suricata
ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category INSERT
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category INSERT"; flow:established,to_server; http.uri; content:"/search_listing.asp?"; nocase; content:"category="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2006-6342; reference:url,www.securityfocus.com/bid/21199; classtype:web-application-attack; sid:2006762; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, up
Suricata
ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id UPDATE
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id UPDATE"; flow:established,to_server; http.uri; content:"/detail.asp?"; nocase; content:"property_id="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2006-6342; reference:url,www.securityfocus.com/bid/21199; classtype:web-application-attack; sid:2006777; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09
Suricata
ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id ASCII
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id ASCII"; flow:established,to_server; http.uri; content:"/detail.asp?"; nocase; content:"property_id="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6342; reference:url,www.securityfocus.com/bid/21199; classtype:web-application-attack; sid:2006776; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_0
Suricata
ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id DELETE
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id DELETE"; flow:established,to_server; http.uri; content:"/detail.asp?"; nocase; content:"property_id="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6342; reference:url,www.securityfocus.com/bid/21199; classtype:web-application-attack; sid:2006775; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_0
Suricata
ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id INSERT
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id INSERT"; flow:established,to_server; http.uri; content:"/detail.asp?"; nocase; content:"property_id="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2006-6342; reference:url,www.securityfocus.com/bid/21199; classtype:web-application-attack; sid:2006774; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_0
Suricata
ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id SELECT
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id SELECT"; flow:established,to_server; http.uri; content:"/detail.asp?"; nocase; content:"property_id="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6342; reference:url,www.securityfocus.com/bid/21199; classtype:web-application-attack; sid:2006772; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_0
Suricata
ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id UNION SELECT
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id UNION SELECT"; flow:established,to_server; http.uri; content:"/detail.asp?"; nocase; content:"property_id="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6342; reference:url,www.securityfocus.com/bid/21199; classtype:web-application-attack; sid:2006773; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, upda
Exploit-DB
Klf-Realty 2.0 - 'search_listing.asp' Multiple SQL Injections
exploitdb·2006-11-20
---
source: https://www.securityfocus.com/bid/21199/info
Klf-Realty is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
http://www.example.com/search_listing.asp?category='[sql]
http://www.example.com/search_listing.asp?agent='[sql]
Exploit-DB
Klf-Realty 2.0 - 'detail.asp?property_id' SQL Injection
exploitdb·2006-11-20
---
source: https://www.securityfocus.com/bid/21199/info
Klf-Realty is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
http://www.example.com/detail.asp?property_id='[sql]
No writeups or analysis indexed.
http://securityreason.com/securityalert/1976
http://www.securityfocus.com/archive/1/452115/100/200/threaded
http://www.securityfocus.com/bid/21199
https://exchange.xforce.ibmcloud.com/vulnerabilities/30435