CVE-2006-6349
Published 2006-12-07
Priority: P3 · 43 · high · CVSS 2.0: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.99% (78.2th percentile)
Multiple SQL injection vulnerabilities in PWP Technologies The Classified Ad System allow remote attackers to execute arbitrary SQL commands via (1) the main parameter in a view action (includes/mainpage/view.asp) in default.asp or (2) a query in the search engine.
Suricata
ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main INSERT
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main INSERT"; flow:established,to_server; http.uri; content:"/default.asp?"; nocase; content:"main="; nocase; content:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/i"; reference:cve,CVE-2006-6349; reference:url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl; classtype:web-application-attack; sid:2006732; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_
Suricata
ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main SELECT
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main SELECT"; flow:established,to_server; http.uri; content:"/default.asp?"; nocase; content:"main="; nocase; content:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/i"; reference:cve,CVE-2006-6349; reference:url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl; classtype:web-application-attack; sid:2006730; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_
Suricata
ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main ASCII
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main ASCII"; flow:established,to_server; http.uri; content:"/default.asp?"; nocase; content:"main="; nocase; content:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/i"; reference:cve,CVE-2006-6349; reference:url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl; classtype:web-application-attack; sid:2006734; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_
Suricata
ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main DELETE
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main DELETE"; flow:established,to_server; http.uri; content:"/default.asp?"; nocase; content:"main="; nocase; content:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/i"; reference:cve,CVE-2006-6349; reference:url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl; classtype:web-application-attack; sid:2006733; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_
Suricata
ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main UNION SELECT
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main UNION SELECT"; flow:established,to_server; http.uri; content:"/default.asp?"; nocase; content:"main="; nocase; content:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/i"; reference:cve,CVE-2006-6349; reference:url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl; classtype:web-application-attack; sid:2006731; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, upd
Suricata
ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main UPDATE
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main UPDATE"; flow:established,to_server; http.uri; content:"/default.asp?"; nocase; content:"main="; nocase; content:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/i"; reference:cve,CVE-2006-6349; reference:url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl; classtype:web-application-attack; sid:2006735; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_0
No writeups or analysis indexed.
http://secunia.com/advisories/23289
http://securityreason.com/securityalert/1975
http://www.securityfocus.com/archive/1/452194/100/200/threaded
http://www.securityfocus.com/bid/21198
http://www.securityfocus.com/bid/21758
http://www.vupen.com/english/advisories/2006/5192
https://exchange.xforce.ibmcloud.com/vulnerabilities/30443
https://www.exploit-db.com/exploits/3015