CVE-2005-1200

AZ Bulletin Board 1.0.07a-1.0.07c - Remote File Inclusion via dir_src or abs_layer Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1200. PoCs published by GulfTech Security.

AI-analyzed exploit summary This is a detailed vulnerability writeup for CVE-2005-1200 and CVE-2005-1201, describing arbitrary file deletion, file inclusion, and file enumeration vulnerabilities in AZBB forum software versions <= 1.0.07d. It includes code snippets and technical explanations but does not contain executable exploit code.

Description

PHP remote file inclusion vulnerability in main_index.php in AZ Bulletin Board (AZbb) 1.0.07a through 1.0.07c allows remote attackers to execute arbitrary PHP code by modifying the (1) dir_src or (2) abs_layer parameter to reference a URL on a remote web server that contains the code.

Exploits (1)

exploitdb WRITEUP

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/43823

View Code ZIP pw:eip

This is a detailed vulnerability writeup for CVE-2005-1200 and CVE-2005-1201, describing arbitrary file deletion, file inclusion, and file enumeration vulnerabilities in AZBB forum software versions <= 1.0.07d. It includes code snippets and technical explanations but does not contain executable exploit code.

Classification

Writeup 100%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: AZBB <= 1.0.07d

Auth required

Prerequisites: Admin access for file deletion · Register globals enabled for file inclusion

MITRE ATT&CK