CVE-2004-2692

php-exec-dir 4.3.2-4.3.7 - Remote Command Execution via Backtick Operator

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2692. PoCs published by VeNoMouS.

AI-analyzed exploit summary This PHP script demonstrates command injection by executing `/bin/ps aux` using backticks and pipe operators. It is a simple proof-of-concept for CVE-2004-2692, which involves improper input validation in PHP applications.

Description

The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function.

Exploits (1)

exploitdb WORKING POC VERIFIED

by VeNoMouS · textwebappsphp

https://www.exploit-db.com/exploits/384

View Code ZIP pw:eip

This PHP script demonstrates command injection by executing `/bin/ps aux` using backticks and pipe operators. It is a simple proof-of-concept for CVE-2004-2692, which involves improper input validation in PHP applications.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: PHP applications (unspecified version)

No auth needed

Prerequisites: A vulnerable PHP application that does not sanitize input

MITRE ATT&CK