CVE-2007-5278
zomplog <= 3.8.1 - Unauthenticated Sensitive Information Exposure via Upload Directory
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-5278. PoCs published by InATeam.
AI-analyzed exploit summary This PHP script exploits an arbitrary file upload vulnerability in Zomplog <= 3.8.1 by directly accessing the unprotected /admin/upload_files.php endpoint, bypassing authentication, and uploading a malicious file. It handles both directory listing and brute-forcing scenarios to locate the uploaded file.
Description
Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving individual files. NOTE: in a non-default configuration, the directory listing is denied, but filenames may be predicable.
Exploits (1)
This PHP script exploits an arbitrary file upload vulnerability in Zomplog <= 3.8.1 by directly accessing the unprotected /admin/upload_files.php endpoint, bypassing authentication, and uploading a malicious file. It handles both directory listing and brute-forcing scenarios to locate the uploaded file.