CVE-2007-1720

Addressbook 1.2 - Directory Traversal and Arbitrary File Execution via module_name Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1720. PoCs published by bd0rk.

AI-analyzed exploit summary This exploit leverages a Local File Inclusion (LFI) vulnerability in PHP-Nuke's Addressbook module (v1.2) by injecting malicious PHP code into Apache log files and then including them via a null-byte terminated path. It provides a pseudo-shell for remote command execution.

Description

Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by bd0rk · perlwebappsphp

https://www.exploit-db.com/exploits/3582

View Code ZIP pw:eip

This exploit leverages a Local File Inclusion (LFI) vulnerability in PHP-Nuke's Addressbook module (v1.2) by injecting malicious PHP code into Apache log files and then including them via a null-byte terminated path. It provides a pseudo-shell for remote command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: PHP-Nuke Module Addressbook 1.2

No auth needed

Prerequisites: Apache log write permissions · PHP-Nuke Addressbook module installed · Target server with predictable log paths

MITRE ATT&CK