CVE-2007-2185

Supasite 1.23b - Remote Code Execution via supa[db_path] or supa[include_path] Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2185. PoCs published by GoLd_M.

AI-analyzed exploit summary This is a writeup detailing multiple remote file inclusion vulnerabilities in Supasite v1.23b. It lists various endpoints where the 'supa[db_path]' or 'supa[include_path]' parameters can be manipulated to include arbitrary files.

Description

Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supa[db_path] parameter to (1) common_functions.php, (2) admin_auth_cookies.php, (3) admin_mods.php, (4) admin_news.php, (5) admin_topics.php, (6) admin_users.php, (7) admin_utilities.php, (8) site_comment.php, or (9) site_news.php; or the supa[include_path] parameter to (10) admin_settings.php or (11) backend_site.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by GoLd_M · textwebappsphp

https://www.exploit-db.com/exploits/3771

View Code ZIP pw:eip

This is a writeup detailing multiple remote file inclusion vulnerabilities in Supasite v1.23b. It lists various endpoints where the 'supa[db_path]' or 'supa[include_path]' parameters can be manipulated to include arbitrary files.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Supasite v1.23b

No auth needed

Prerequisites: Network access to the target application · Ability to craft HTTP requests to the vulnerable endpoints

MITRE ATT&CK