ID OSVDB:33982
Type osvdb
Reporter OSVDB
Modified 2007-03-09T11:03:51
Description
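Manual Testing Notes
http://[target]/Path_Script/createurl.php?formurl=[Shell-Attack]
Here [Shell-Attack] is a placeholder for the value of the formurl parameter. CVE-2007-1416 describes the issue as a PHP remote file inclusion in createurl.php of JCcorp URLshrink (CPE lists version 1.3.1), where a URL passed in formurl leads to execution of arbitrary PHP code. When reviewing web server logs, look for requests to createurl.php whose formurl value is an external URL.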
References:
Secunia Advisory ID:24340
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0066.html
FrSIRT Advisory: ADV-2007-0902
CVE-2007-1416
Bugtraq ID: 22894
{"href": "https://vulners.com/osvdb/OSVDB:33982", "id": "OSVDB:33982", "reporter": "OSVDB", "published": "2007-03-09T11:03:51", "description": "## Manual Testing Notes\nhttp://[target]/Path_Script/createurl.php?formurl=[Shell-Attack]\n## References:\n[Secunia Advisory ID:24340](https://secuniaresearch.flexerasoftware.com/advisories/24340/)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0066.html\nFrSIRT Advisory: ADV-2007-0902\n[CVE-2007-1416](https://vulners.com/cve/CVE-2007-1416)\nBugtraq ID: 22894\n", "title": "JCcorp URLshrink Free createurl.php formurl Variable Remote File Inclusion", "lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "references": [], "edition": 1, "cvelist": ["CVE-2007-1416"], "affectedSoftware": [], "viewCount": 3, "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2017-04-28T13:20:30", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-1416"]}, {"type": "exploitdb", "idList": ["EDB-ID:29722"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7361"]}], "modified": "2017-04-28T13:20:30", "rev": 2}, "vulnersScore": 6.4}, "modified": "2007-03-09T11:03:51"}
{"cve": [{"lastseen": "2020-10-03T11:45:50", "description": "PHP remote file inclusion vulnerability in createurl.php in JCcorp (aka James Coyle) URLshrink allows remote attackers to execute arbitrary PHP code via a URL in the formurl parameter.", "edition": 3, "cvss3": {}, "published": "2007-03-12T23:19:00", "title": "CVE-2007-1416", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-1416"], "modified": "2018-10-16T16:38:00", "cpe": ["cpe:/a:jccorp:urlshrink:1.3.1"], "id": "CVE-2007-1416", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1416", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:jccorp:urlshrink:1.3.1:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-02-03T10:59:06", "description": "JCCorp URLShrink Free 1.3.1 CreateURL.PHP Remote File Include Vulnerability. CVE-2007-1416. 
Webapps exploit for php platform", "published": "2007-03-09T00:00:00", "type": "exploitdb", "title": "JCCorp URLShrink Free 1.3.1 CreateURL.PHP Remote File Include Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-1416"], "modified": "2007-03-09T00:00:00", "id": "EDB-ID:29722", "href": "https://www.exploit-db.com/exploits/29722/", "sourceData": "source: http://www.securityfocus.com/bid/22894/info\r\n\r\nURLshrink Free is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.\r\n\r\nExploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.\r\n\r\nVersion 1.3.1 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/Path_Script/createurl.php?formurl=[Shell-Attack] ", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/29722/"}], "securityvulns": [{"lastseen": "2018-08-31T11:09:24", "bulletinFamily": "software", "cvelist": ["CVE-2007-1395", "CVE-2007-1390", "CVE-2007-1325", "CVE-2007-1416", "CVE-2007-1519", "CVE-2007-1389", "CVE-2007-1414", "CVE-2007-1391", "CVE-2007-1520"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2007-03-09T00:00:00", "published": "2007-03-09T00:00:00", "id": "SECURITYVULNS:VULN:7361", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7361", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}