CVE-2007-1399

CRITICAL

PHP 5.2.0-5.2.1 - Remote Code Execution via Long zip:// URL

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1399. PoCs published by Stefan Esser.

AI-analyzed exploit summary This exploit targets a stack buffer overflow in PHP's zip:// URL wrapper (CVE-2007-1399) to execute arbitrary shellcode. It constructs a malicious filename with a long string of 'A's followed by shellcode and a return address to trigger the overflow.

Description

Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Stefan Esser · phplocallinux

https://www.exploit-db.com/exploits/3440

View Code ZIP pw:eip

This exploit targets a stack buffer overflow in PHP's zip:// URL wrapper (CVE-2007-1399) to execute arbitrary shellcode. It constructs a malicious filename with a long string of 'A's followed by shellcode and a return address to trigger the overflow.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: PHP (versions affected by CVE-2007-1399)

No auth needed

Prerequisites: PHP with vulnerable zip:// wrapper enabled · Ability to execute PHP code on the target system

MITRE ATT&CK