CVE-2007-1896

Sky GUNNING MySpeach <= 3.0.7 - Directory Traversal via my_ms[root] Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1896. PoCs published by Xst3nZ.

AI-analyzed exploit summary This is a detailed advisory describing Remote and Local File Inclusion vulnerabilities in MySpeach <= 3.0.7, including conditions for exploitation and proof-of-concept steps. It does not contain executable exploit code but provides technical analysis and PoC instructions.

Description

Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) and trailing %00 (NULL) in a my_ms[root] cookie.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Xst3nZ · textwebappsphp

https://www.exploit-db.com/exploits/3657

View Code ZIP pw:eip

This is a detailed advisory describing Remote and Local File Inclusion vulnerabilities in MySpeach <= 3.0.7, including conditions for exploitation and proof-of-concept steps. It does not contain executable exploit code but provides technical analysis and PoC instructions.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Theoretical

Target: MySpeach <= 3.0.7

No auth needed

Prerequisites: PHP >= 5.0.0 · register_globals = On · allow_url_fopen = On (for RFI)

MITRE ATT&CK