CVE-2005-0720

mcnews 1.3 - Remote Code Execution via Skinfile Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0720. PoCs published by Filip Groszynski.

AI-analyzed exploit summary This exploit leverages a file inclusion vulnerability in mcNews due to unsafe handling of the 'skinfile' parameter in header.php when register_globals and allow_url_fopen are enabled. It allows remote code execution by including a malicious file from an attacker-controlled server.

Description

PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Filip Groszynski · textwebappsphp

https://www.exploit-db.com/exploits/865

View Code ZIP pw:eip

This exploit leverages a file inclusion vulnerability in mcNews due to unsafe handling of the 'skinfile' parameter in header.php when register_globals and allow_url_fopen are enabled. It allows remote code execution by including a malicious file from an attacker-controlled server.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: mcNews (version not specified)

No auth needed

Prerequisites: register_globals=on · allow_url_fopen=on · access to the admin/header.php endpoint

MITRE ATT&CK