CVE-2005-3929

Xaraya 1.0 - Directory Traversal and Arbitrary File Write via Module Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3929. PoCs published by rgod.

AI-analyzed exploit summary This exploit targets a directory traversal vulnerability in Xaraya <=1.0.0 RC4, allowing an attacker to create empty files or overwrite the configuration file, leading to a Denial of Service (DoS). The script sends multiple HTTP requests with crafted paths to exploit the vulnerability.

Description

Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via ".." sequences in the module parameter to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpdosphp

https://www.exploit-db.com/exploits/1345

View Code ZIP pw:eip

This exploit targets a directory traversal vulnerability in Xaraya <=1.0.0 RC4, allowing an attacker to create empty files or overwrite the configuration file, leading to a Denial of Service (DoS). The script sends multiple HTTP requests with crafted paths to exploit the vulnerability.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Xaraya <=1.0.0 RC4

No auth needed

Prerequisites: Network access to the target Xaraya installation

MITRE ATT&CK