CVE-2007-1604

w-Agora - Unauthenticated Arbitrary File Upload and Remote Code Execution via Forum Message Attachment or Avatar Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1604. PoCs published by laurent gaffie.

AI-analyzed exploit summary This exploit demonstrates a file upload vulnerability in w-Agora Forum 4.2.1 by manipulating the Content-Type header to bypass file type restrictions, allowing arbitrary PHP code execution. The PoC constructs a multipart/form-data request to upload a malicious PHP file disguised as an image.

Description

Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using browse_avatar.php to upload a file with a double extension, as demonstrated by .php.jpg.

Exploits (1)

exploitdb WORKING POC VERIFIED

by laurent gaffie · phpwebappsphp

https://www.exploit-db.com/exploits/29763

View Code ZIP pw:eip

This exploit demonstrates a file upload vulnerability in w-Agora Forum 4.2.1 by manipulating the Content-Type header to bypass file type restrictions, allowing arbitrary PHP code execution. The PoC constructs a multipart/form-data request to upload a malicious PHP file disguised as an image.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: w-Agora Forum 4.2.1

Auth required

Prerequisites: Valid credentials for the target w-Agora Forum · Network access to the target web server

MITRE ATT&CK