CVE-2007-1525

Dayfox Blog 4 - Remote Code Execution via Cat Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1525. PoCs published by Dj7xpl.

AI-analyzed exploit summary This exploit targets a file inclusion vulnerability in Dayfox Blog V4, allowing remote code execution by injecting malicious PHP code via the 'posts.php' endpoint. The PoC provides a form to submit arbitrary script content, which is then executed on the server.

Description

Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dj7xpl · htmlwebappsphp

https://www.exploit-db.com/exploits/3478

View Code ZIP pw:eip

This exploit targets a file inclusion vulnerability in Dayfox Blog V4, allowing remote code execution by injecting malicious PHP code via the 'posts.php' endpoint. The PoC provides a form to submit arbitrary script content, which is then executed on the server.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Dayfox Blog V4

No auth needed

Prerequisites: Target must be running Dayfox Blog V4 · Access to the 'posts.php' endpoint

MITRE ATT&CK