CVE-2010-2142
Published 2010-06-02
CVE-2010-2142: SQL injection vulnerability in default.asp in Cyberhost allows remote attackers to execute arbitrary SQL commands via the id parameter.
Priority: P344 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.03% (78.6th percentile)
No detection rules found.
Exploit-DB
EA Battlefield 2 / Battlefield 2142 - Multiple Arbitrary File Upload Vulnerabilities
exploitdb·2010-07-08
CVE-2010-2627 EA Battlefield 2 / Battlefield 2142 - Multiple Arbitrary File Upload Vulnerabilities
---
Source:
http://aluigi.org/adv/bf2urlz-adv.txt
#######################################################################
Luigi Auriemma
Application: Refractor 2 engine
Games: Battlefield 2 <= 1.50 (aka 1.5.3153-802.0)
http://www.battlefield.ea.com/battlefield/bf2/
Battlefield 2142 <= 1.50 (aka 1.10.48.0)
http://battlefield.ea.com/battlefield/bf2142/
...
other games developed with the same engine could be
vulnerable like Battlefield Heroes
Platforms: Windows
Bug: client URLs directory traversal
Exploitation: remote, versus clients
Date: 29 Jun 2010
Author: Luigi Auriemma
e-mail: [email protected]
web: aluigi.org
#######################################################################
1) Introduc
Exploit-DB
cyberhost - 'default.asp' SQL Injection
exploitdb·2010-05-22
CVE-2010-2142 cyberhost - 'default.asp' SQL Injection
---
source: https://www.securityfocus.com/bid/40357/info
cyberhost is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/default.asp?gb=paketayrinti&id=18+union+select+0,1,2,3,4,5,6,7+from+uye
http://packetstormsecurity.org/1005-exploits/cyberhost-sql.txt
http://www.securityfocus.com/bid/40357
https://exchange.xforce.ibmcloud.com/vulnerabilities/58889
Published: 2010-06-02