CVE-2007-2285

Ext JS 1.0 alpha1 - Directory Traversal via Feed Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2285. PoCs published by Alkomandoz Hacker.

AI-analyzed exploit summary This exploit leverages a file disclosure vulnerability in ext 1.0 alpha1's feed-proxy.php script. The script reads and outputs the content of a file specified via the 'feed' parameter without proper validation, allowing directory traversal attacks.

Description

Directory traversal vulnerability in examples/layout/feed-proxy.php in Jack Slocum Ext 1.0 alpha1 (Ext JS) allows remote attackers to read arbitrary files via a .. (dot dot) in the feed parameter. NOTE: analysis by third party researchers indicates that this issue might be platform dependent.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Alkomandoz Hacker · textwebappsphp

https://www.exploit-db.com/exploits/3800

View Code ZIP pw:eip

This exploit leverages a file disclosure vulnerability in ext 1.0 alpha1's feed-proxy.php script. The script reads and outputs the content of a file specified via the 'feed' parameter without proper validation, allowing directory traversal attacks.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: ext 1.0 alpha1

No auth needed

Prerequisites: Access to the vulnerable feed-proxy.php script

MITRE ATT&CK