CVE-2006-6365 - SQL Injection vulnerability in DUware DUpaypal Pro
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: the iState parameter is already covered by CVE-2005-3976 and the iPro parameter is already covered by CVE-2005-2047.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
Exploit-Db
description | DUware DUpaypal 3.0/3.1 detail.asp iPro Parameter SQL Injection. CVE-2006-6365. Webapps exploit for asp platform |
id | EDB-ID:25866 |
last seen | 2016-02-03 |
modified | 2005-06-22 |
published | 2005-06-22 |
reporter | Dedi Dwianto |
source | https://www.exploit-db.com/download/25866/ |
title | DUware DUpaypal 3.0/3.1 detail.asp iPro Parameter SQL Injection |
Nessus
NASL family | CGI abuses |
NASL id | DUPAYPAL_SQL_INJECTIONS.NASL |
description | The remote host is running DUpaypal Pro, an ASP-based storefront from DUware for Paypal. The installed version of DUpaypal Pro fails to properly sanitize user-supplied input in several instances before using it in SQL queries. By exploiting these flaws, an attacker can affect database queries, possibly disclosing sensitive data and launching attacks against the underlying database. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18568 |
published | 2005-06-28 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18568 |
title | DUpaypal Pro Multiple Scripts SQL Injection |
References
- http://secunia.com/advisories/23222
- http://securityreason.com/securityalert/1987
- http://www.aria-security.com/forum/showthread.php?t=62
- http://www.securityfocus.com/archive/1/453332/100/0/threaded
- http://www.securityfocus.com/bid/14034
- http://www.vupen.com/english/advisories/2006/4846
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30666