CVE-2007-1930

cattadoc - Directory Traversal via download2.php fn1 Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1930. PoCs published by GoLd_M.

AI-analyzed exploit summary This exploit leverages a file disclosure vulnerability in cattaDoc 2.21's download2.php script by manipulating the 'fn1' parameter to traverse directories and read arbitrary files, such as /etc/passwd. The vulnerability arises from unsanitized user input in the readfile() function.

Description

Directory traversal vulnerability in download2.php in cattaDoc 2.21, and possibly other versions including 3.0, allows remote attackers to read arbitrary files via a .. (dot dot) in the fn1 parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by GoLd_M · textwebappsphp

https://www.exploit-db.com/exploits/3677

View Code ZIP pw:eip

This exploit leverages a file disclosure vulnerability in cattaDoc 2.21's download2.php script by manipulating the 'fn1' parameter to traverse directories and read arbitrary files, such as /etc/passwd. The vulnerability arises from unsanitized user input in the readfile() function.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: cattaDoc 2.21

No auth needed

Prerequisites: Network access to the vulnerable application

MITRE ATT&CK