CVE-2006-6927 - SQL Injection and Cross-Site Scripting vulnerability in Grandora Rialto 1.6
Summary
Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the uname (username) and (2) pword (passwd) fields in (a) admin/default.asp; the (3) ID parameter to (b) listfull.asp or (c) printmain.asp; the (4) cat parameter to (d) listmain.asp, (e) searchoption.asp, or (f) searchmain.asp; the (5) Keyword parameter to (g) searchkey.asp; the (6) area parameter to searchmain.asp or searchoption.asp; the (7) searchin parameter to searchkey.asp; or the (8) cost1, (9) cost2, (10) acreage1, or (11) squarefeet1 parameters to searchoption.asp. NOTE: some of these details are obtained from third party information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
id | title | description | published | modified | last seen | reporter | source |
---|---|---|---|---|---|---|---|
EDB-ID:29107 | Grandora Rialto 1.6 /admin/default.asp Multiple Field SQL Injection | Grandora Rialto 1.6 /admin/default.asp Multiple Field SQL Injection. CVE-2006-6927. Webapps exploit for asp platform | 2006-11-20 | 2006-11-20 | 2016-02-03 | laurent gaffie | https://www.exploit-db.com/download/29107/ |
EDB-ID:29112 | Grandora Rialto 1.6 - searchmain.asp Multiple Parameter SQL Injection | Grandora Rialto 1.6 searchmain.asp Multiple Parameter SQL Injection. CVE-2006-6927. Webapps exploit for asp platform | 2006-11-20 | 2006-11-20 | 2016-02-03 | laurent gaffie | https://www.exploit-db.com/download/29112/ |
EDB-ID:29109 | Grandora Rialto 1.6 listmain.asp cat Parameter SQL Injection | Grandora Rialto 1.6 listmain.asp cat Parameter SQL Injection. CVE-2006-6927. Webapps exploit for asp platform | 2006-11-20 | 2006-11-20 | 2016-02-03 | laurent gaffie | https://www.exploit-db.com/download/29109/ |
EDB-ID:29111 | Grandora Rialto 1.6 - searchkey.asp Multiple Parameter SQL Injection | Grandora Rialto 1.6 searchkey.asp Multiple Parameter SQL Injection. CVE-2006-6927. Webapps exploit for asp platform | 2006-11-20 | 2006-11-20 | 2016-02-03 | laurent gaffie | https://www.exploit-db.com/download/29111/ |
EDB-ID:29108 | Grandora Rialto 1.6 listfull.asp ID Parameter SQL Injection | Grandora Rialto 1.6 listfull.asp ID Parameter SQL Injection. CVE-2006-6927. Webapps exploit for asp platform | 2006-11-20 | 2006-11-20 | 2016-02-03 | laurent gaffie | https://www.exploit-db.com/download/29108/ |
EDB-ID:29113 | Grandora Rialto 1.6 - searchoption.asp Multiple Parameter SQL Injection | Grandora Rialto 1.6 searchoption.asp Multiple Parameter SQL Injection. CVE-2006-6927. Webapps exploit for asp platform | 2006-11-20 | 2006-11-20 | 2016-02-03 | laurent gaffie | https://www.exploit-db.com/download/29113/ |
EDB-ID:29110 | Grandora Rialto 1.6 printmain.asp ID Parameter SQL Injection | Grandora Rialto 1.6 printmain.asp ID Parameter SQL Injection. CVE-2006-6927. Webapps exploit for asp platform | 2006-11-20 | 2006-11-20 | 2016-02-03 | laurent gaffie | https://www.exploit-db.com/download/29110/ |