CVE-2003-1385

Invision Power Board 1.1.1 - Remote Code Execution via root_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1385. PoCs published by frog.

AI-analyzed exploit summary This is a writeup describing a remote file inclusion vulnerability in Invision Board due to insufficient sanitization of the 'root_path' parameter in 'ipchat.php'. Attackers can exploit this to include and execute arbitrary PHP files from remote servers.

Description

ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code.

Exploits (1)

exploitdb WRITEUP VERIFIED

by frog · textwebappsphp

https://www.exploit-db.com/exploits/22295

View Code ZIP pw:eip

This is a writeup describing a remote file inclusion vulnerability in Invision Board due to insufficient sanitization of the 'root_path' parameter in 'ipchat.php'. Attackers can exploit this to include and execute arbitrary PHP files from remote servers.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Invision Board (version not specified)

No auth needed

Prerequisites: Access to the vulnerable 'ipchat.php' endpoint · Ability to host a malicious PHP file on an attacker-controlled server

MITRE ATT&CK