CVE-2007-2569

Friendly < 1.0d1 - Remote File Inclusion via friendly_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2569. PoCs published by GoLd_M.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in Friendly 1.0d1 by manipulating the 'friendly_path' parameter in multiple PHP scripts. The attacker can include a remote shell or malicious file by appending the path to the vulnerable parameter.

Description

Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the friendly_path parameter to (1) core/data/yaml.inc.php, or _load.php in (2) core/data/, (3) core/display/, or (4) core/support/.

Exploits (1)

exploitdb WORKING POC VERIFIED

by GoLd_M · textwebappsphp

https://www.exploit-db.com/exploits/3864

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in Friendly 1.0d1 by manipulating the 'friendly_path' parameter in multiple PHP scripts. The attacker can include a remote shell or malicious file by appending the path to the vulnerable parameter.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Friendly 1.0d1

No auth needed

Prerequisites: Remote file inclusion must be enabled on the target server · Attacker must be able to reach the target with a crafted URL

MITRE ATT&CK