CVE-2007-1842

jsboard < 2.0.11 - Directory Traversal via Table Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1842. PoCs published by GoLd_M.

AI-analyzed exploit summary This exploit targets a Local File Inclusion (LFI) vulnerability in jsboard 2.0.10 via the 'table' parameter in login.php. It injects malicious PHP code into Apache log files and then includes the log file to execute arbitrary commands.

Description

Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.

Exploits (1)

exploitdb WORKING POC VERIFIED

by GoLd_M · pythonwebappsphp

https://www.exploit-db.com/exploits/3614

View Code ZIP pw:eip

This exploit targets a Local File Inclusion (LFI) vulnerability in jsboard 2.0.10 via the 'table' parameter in login.php. It injects malicious PHP code into Apache log files and then includes the log file to execute arbitrary commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: jsboard 2.0.10

No auth needed

Prerequisites: Apache log file write permissions · jsboard 2.0.10 installation · Network access to the target

MITRE ATT&CK