CVE-2007-2707

Linksnet Newsfeed 1.0 - Remote File Inclusion via dirpath_linksnet_newsfeed Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2707. PoCs published by ThE TiGeR.

AI-analyzed exploit summary This is a writeup describing a Remote File Inclusion (RFI) vulnerability in Linksnet Newsfeed 1.0. The exploit details how an attacker can include a remote file via the 'dirpath_linksnet_newsfeed' parameter in the 'linksnet_linkslog_rss.php' script.

Description

PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php in Linksnet Newsfeed 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirpath_linksnet_newsfeed parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by ThE TiGeR · textwebappsphp

https://www.exploit-db.com/exploits/3923

View Code ZIP pw:eip

This is a writeup describing a Remote File Inclusion (RFI) vulnerability in Linksnet Newsfeed 1.0. The exploit details how an attacker can include a remote file via the 'dirpath_linksnet_newsfeed' parameter in the 'linksnet_linkslog_rss.php' script.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Linksnet Newsfeed 1.0

No auth needed

Prerequisites: Remote file hosting · PHP allow_url_include enabled

MITRE ATT&CK