CVE-2007-1156

JBrowser - Unauthenticated Authentication Bypass via Direct Request to _admin/

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1156. PoCs published by Himeur Nourredine.

AI-analyzed exploit summary The exploit describes an unauthorized access vulnerability in the '_admin' directory due to lack of access validation, allowing arbitrary script execution and file uploads. It provides example URLs to demonstrate the issue but lacks executable code.

Description

JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Himeur Nourredine · textwebappsphp

https://www.exploit-db.com/exploits/23628

View Code ZIP pw:eip

The exploit describes an unauthorized access vulnerability in the '_admin' directory due to lack of access validation, allowing arbitrary script execution and file uploads. It provides example URLs to demonstrate the issue but lacks executable code.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Theoretical

Target: Unknown web application (likely a CMS or custom admin panel)

No auth needed

Prerequisites: Network access to the target web server

MITRE ATT&CK