CVE-2007-0501

mafia_scum_tools < 2.0.0 - Remote Code Execution via Gen Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0501. PoCs published by DeltahackingTEAM.

AI-analyzed exploit summary This Perl script exploits a Remote File Include (RFI) vulnerability in mafia-2-0-0's index.php by injecting a remote shell URL via the 'gen' parameter. It allows command execution through a provided shell location and command variable.

Description

PHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators (adv-random-gen) allows remote attackers to execute arbitrary PHP code via a URL in the gen parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DeltahackingTEAM · perlwebappsphp

https://www.exploit-db.com/exploits/3171

View Code ZIP pw:eip

This Perl script exploits a Remote File Include (RFI) vulnerability in mafia-2-0-0's index.php by injecting a remote shell URL via the 'gen' parameter. It allows command execution through a provided shell location and command variable.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: mafia-2-0-0

No auth needed

Prerequisites: Perl environment · LWP::UserAgent and LWP::Simple modules · Remote shell accessible via URL

MITRE ATT&CK