CVE-2007-5265

dawn_of_time < 1.69s_beta4 - Remote Code Execution via Format String in Username or Password

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5265. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The provided text describes a format-string vulnerability in Dawn of Time MUD server versions 1.69s beta4 and 1.69r. It includes a URL example demonstrating the exploit vector but lacks executable code.

Description

Multiple format string vulnerabilities in websrv.cpp in Dawn of Time 1.69s beta4 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) password fields when accessing certain "restricted zones", which are not properly handled by the (a) processWebHeader and (b) filterWebRequest functions.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luigi Auriemma · textdosmultiple

https://www.exploit-db.com/exploits/30644

View Code ZIP pw:eip

The provided text describes a format-string vulnerability in Dawn of Time MUD server versions 1.69s beta4 and 1.69r. It includes a URL example demonstrating the exploit vector but lacks executable code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Dawn of Time MUD server 1.69s beta4, 1.69r

No auth needed

Prerequisites: Network access to the vulnerable MUD server

MITRE ATT&CK