CVE-2002-0492
DCShop 1.002 Beta - Arbitrary File Deletion via Database Parameter Null Character
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2002-0492. PoCs published by pokleyzz sakamaniaka.
AI-analyzed exploit summary This exploit leverages a null byte injection vulnerability in DCShop Beta to overwrite setup files via a maliciously crafted POST request with multipart/form-data. The attacker can manipulate the database configuration by appending a null byte to the filename, leading to arbitrary file overwrite.
Description
dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null character in the database parameter.
Exploits (1)
This exploit leverages a null byte injection vulnerability in DCShop Beta to overwrite setup files via a maliciously crafted POST request with multipart/form-data. The attacker can manipulate the database configuration by appending a null byte to the filename, leading to arbitrary file overwrite.