CVE-2002-0430

Sun Cobalt RaQ XTR - Unauthenticated Arbitrary File Write via Symlink Attack on Temporary File

Exploitation Summary

EIP tracks 2 public exploits for CVE-2002-0430. PoCs published by Wouter ter Maat.

AI-analyzed exploit summary: This exploit targets CVE-2002-0430 in Cobalt RaQ's 'MultiFileUpload.php' script, which lacks authentication. It allows file uploads with predictable filenames in '/tmp', enabling local attackers to overwrite files via symlinks, potentially leading to privilege escalation.

Description

MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Wouter ter Maat · bash · remote · php
https://www.exploit-db.com/exploits/21335

This exploit targets CVE-2002-0430 in Cobalt RaQ's 'MultiFileUpload.php' script, which lacks authentication. It allows file uploads with predictable filenames in '/tmp', enabling local attackers to overwrite files via symlinks, potentially leading to privilege escalation.

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: Cobalt RaQ (Sun Microsystems)
No auth needed
Prerequisites: local access to the system · ability to create symlinks
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Wouter ter Maat · perl · remote · php
https://www.exploit-db.com/exploits/21334

This exploit targets an authentication bypass in Cobalt RaQ's 'MultiFileUpload.php' script, allowing unauthenticated file uploads. The PoC generates predictable filenames for a race condition attack, potentially leading to local privilege escalation or DoS.

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Racy
Target: Cobalt RaQ (version not specified)
No auth needed
Prerequisites: Local access for privilege escalation · Network access to the target server
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4252
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-03/0081.html

Scores

EPSS 0.0091
EPSS Percentile 55.2%

Details

Status published
Products (3)
sun/cobalt_raq_2
sun/cobalt_raq_3i
sun/cobalt_raq_4
Published Aug 12, 2002
Tracked Since Feb 18, 2026