CVE-2007-0485

WebChat 0.77 - Remote File Inclusion via WEBCHATPATH Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0485. PoCs published by v1per-haCker.

AI-analyzed exploit summary This exploit demonstrates a file inclusion vulnerability in WebChat 0.77 by manipulating the WEBCHATPATH parameter in defines.php to include a remote file. The vulnerability allows remote code execution if allow_url_include is enabled.

Description

PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 allows remote attackers to execute arbitrary PHP code via a URL in the WEBCHATPATH parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by v1per-haCker · textwebappsphp

https://www.exploit-db.com/exploits/3169

View Code ZIP pw:eip

This exploit demonstrates a file inclusion vulnerability in WebChat 0.77 by manipulating the WEBCHATPATH parameter in defines.php to include a remote file. The vulnerability allows remote code execution if allow_url_include is enabled.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WebChat 0.77

No auth needed

Prerequisites: allow_url_include enabled on the target server · remote file hosting with malicious payload

MITRE ATT&CK