CVE-2007-2988

Inout Meta Search Engine - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2988. PoCs published by BlackHawk.

AI-analyzed exploit summary This exploit targets a remote code execution vulnerability in Inout Search Engine by injecting a PHP shell via a crafted POST request to the admin/create_engine.php endpoint. The exploit leverages insufficient input validation and lack of proper authentication checks to execute arbitrary commands.

Description

A certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a request to admin/create_engine.php followed by a request to admin/generate_tabs.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BlackHawk · phpwebappsphp

https://www.exploit-db.com/exploits/4004

View Code ZIP pw:eip

This exploit targets a remote code execution vulnerability in Inout Search Engine by injecting a PHP shell via a crafted POST request to the admin/create_engine.php endpoint. The exploit leverages insufficient input validation and lack of proper authentication checks to execute arbitrary commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Inout Search Engine (all versions)

No auth needed

Prerequisites: Network access to the target server · Inout Search Engine installed and accessible

MITRE ATT&CK