CVE-2007-2762

Build it Fast 0.4.1 - Remote File Inclusion via PEAR Directory or System Directory Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2762. PoCs published by Alkomandoz Hacker.

AI-analyzed exploit summary This is a writeup describing a remote file inclusion vulnerability in bif3-0.4.1. It lists multiple exploit paths but does not include functional exploit code or payloads.

Description

Multiple PHP remote file inclusion vulnerabilities in Build it Fast (bif3) 0.4.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the pear_dir parameter to Base/Application.php, or the (2) sys_dir parameter to (a) Footer.php, (b) widget.BifContainer.php, (c) widget.BifRoot.php, (d) widget.BifRoot2.php, (e) widget.BifRoot3.php, or (f) widget.BifWarning.php in Widgets/Base/.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Alkomandoz Hacker · textwebappsphp

https://www.exploit-db.com/exploits/3947

View Code ZIP pw:eip

This is a writeup describing a remote file inclusion vulnerability in bif3-0.4.1. It lists multiple exploit paths but does not include functional exploit code or payloads.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: bif3 <= 0.4.1

No auth needed

Prerequisites: network access to the target application · vulnerable version of bif3 installed

MITRE ATT&CK