CVE-2007-2340

phporacleview - Remote Code Execution via page_dir or inc_dir Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2340. PoCs published by Alkomandoz Hacker.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in phporacleview due to improper input validation in the 'page_dir' parameter. An attacker can include a remote shell by manipulating the parameter in the URL.

Description

Multiple PHP remote file inclusion vulnerabilities in inc/include_all.inc.php in phporacleview allow remote attackers to execute arbitrary PHP code via a URL in the (1) page_dir or (2) inc_dir parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Alkomandoz Hacker · textwebappsphp

https://www.exploit-db.com/exploits/3803

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in phporacleview due to improper input validation in the 'page_dir' parameter. An attacker can include a remote shell by manipulating the parameter in the URL.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: phporacleview (version not specified)

No auth needed

Prerequisites: Remote shell accessible via URL · Target server with vulnerable phporacleview installation

MITRE ATT&CK