CVE-2005-4622

efilego 3.01 - Directory Traversal and Arbitrary File Upload via Triple Dot in URL

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4622. PoCs published by dr_insane.

AI-analyzed exploit summary The provided text describes multiple input validation vulnerabilities in eFileGo, including directory traversal and arbitrary command execution. It includes example URLs demonstrating exploitation but lacks executable code.

Description

Directory traversal vulnerability in eFileGo 3.01 allows remote attackers to execute arbitrary code, read arbitrary files, and upload arbitrary files via a ... (triple dot) in (1) the URL on port 608 and (2) the argument to upload.exe.

Exploits (1)

exploitdb WRITEUP VERIFIED

by dr_insane · textremotewindows

https://www.exploit-db.com/exploits/27024

View Code ZIP pw:eip

The provided text describes multiple input validation vulnerabilities in eFileGo, including directory traversal and arbitrary command execution. It includes example URLs demonstrating exploitation but lacks executable code.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: eFileGo (version not specified)

No auth needed

Prerequisites: Network access to the vulnerable application

MITRE ATT&CK