CVE-2007-1416

JCcorp URLshrink - Remote File Inclusion via createurl.php formurl Parameter

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1416. PoCs published by Hasadya Raed.

AI-analyzed exploit summary The provided text describes a remote file-include vulnerability in URLshrink Free version 1.3.1, where insufficient sanitization of user-supplied data in the 'formurl' parameter of 'createurl.php' allows for potential remote code execution or other attacks.

Description

PHP remote file inclusion vulnerability in createurl.php in JCcorp (aka James Coyle) URLshrink allows remote attackers to execute arbitrary PHP code via a URL in the formurl parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Hasadya Raed · textwebappsphp

https://www.exploit-db.com/exploits/29722

View Code ZIP pw:eip

The provided text describes a remote file-include vulnerability in URLshrink Free version 1.3.1, where insufficient sanitization of user-supplied data in the 'formurl' parameter of 'createurl.php' allows for potential remote code execution or other attacks.

Classification

Writeup 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: URLshrink Free 1.3.1

No auth needed

Prerequisites: Access to the vulnerable 'createurl.php' script · Ability to craft a malicious URL with a remote shell payload

MITRE ATT&CK