CVE-2007-1726

IceBB 1.0-rc5 - Authenticated Arbitrary File Upload via Avatar Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1726. PoCs published by Hessam-x.

AI-analyzed exploit summary This exploit targets IceBB 1.0-rc5 by leveraging an avatar upload vulnerability to achieve remote code execution. It authenticates as a user, uploads a malicious PHP file disguised as an avatar, and then executes arbitrary commands via a web shell.

Description

Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to upload arbitrary files via the avatar function, which can later be accessed in uploads/.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Hessam-x · perlwebappsphp

https://www.exploit-db.com/exploits/3581

View Code ZIP pw:eip

This exploit targets IceBB 1.0-rc5 by leveraging an avatar upload vulnerability to achieve remote code execution. It authenticates as a user, uploads a malicious PHP file disguised as an avatar, and then executes arbitrary commands via a web shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: IceBB 1.0-rc5

Auth required

Prerequisites: Valid user credentials · Avatar upload functionality enabled

MITRE ATT&CK