CVE-2007-3431

Valerio Capello Dagger - The Cutting Edge r23jan2007 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3431. PoCs published by Katatafish.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in Dagger-web engine's cal.func.php due to improper input validation of the dir_edge_lang parameter. An attacker can include a remote shell by manipulating the parameter.

Description

PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_lang parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Katatafish · textwebappsphp

https://www.exploit-db.com/exploits/4097

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in Dagger-web engine's cal.func.php due to improper input validation of the dir_edge_lang parameter. An attacker can include a remote shell by manipulating the parameter.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Dagger-web engine (version from dagger_r23jan2007.zip)

No auth needed

Prerequisites: Remote shell accessible via URL · Target server with vulnerable Dagger-web engine installation

MITRE ATT&CK