CVE-2004-1888

Aborior Encore WebForum - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1888. PoCs published by K-159.

AI-analyzed exploit summary This Perl script exploits a command injection vulnerability in Encore Web Forum by injecting arbitrary commands via the 'file' parameter in the 'display.cgi' script. The exploit uses LWP::UserAgent to send a crafted HTTP request with the command embedded in the URI.

Description

display.cgi in Aborior Encore WebForum allows remote to execute arbitrary commands via shell metacharacters in the file variable.

Exploits (1)

exploitdb WORKING POC VERIFIED

by K-159 · perlwebappscgi

https://www.exploit-db.com/exploits/23907

View Code ZIP pw:eip

This Perl script exploits a command injection vulnerability in Encore Web Forum by injecting arbitrary commands via the 'file' parameter in the 'display.cgi' script. The exploit uses LWP::UserAgent to send a crafted HTTP request with the command embedded in the URI.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Encore Web Forum

No auth needed

Prerequisites: Target must be running Encore Web Forum with vulnerable 'display.cgi' script · Network access to the target web server

MITRE ATT&CK