CVE-2007-3096

PBLang < 4.67.16.a - Directory Traversal via Lang Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3096. PoCs published by Silentz.

AI-analyzed exploit summary This exploit targets a remote code execution vulnerability in PBLang <= 4.67.16.a by injecting PHP code into log files via a crafted HTTP request. It then attempts to execute arbitrary commands by accessing the injected code through a path traversal vulnerability.

Description

Directory traversal vulnerability in login.php in PBLang (PBL) 4.67.16.a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Silentz · phpwebappsphp

https://www.exploit-db.com/exploits/4036

View Code ZIP pw:eip

This exploit targets a remote code execution vulnerability in PBLang <= 4.67.16.a by injecting PHP code into log files via a crafted HTTP request. It then attempts to execute arbitrary commands by accessing the injected code through a path traversal vulnerability.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: PBLang <= 4.67.16.a

No auth needed

Prerequisites: Target server running PBLang <= 4.67.16.a · Access to the target server's web interface · Write permissions to log files

MITRE ATT&CK