Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-5653. PoCs published by shinnai.
AI-analyzed exploit summary This exploit demonstrates a bypass of PHP safe_mode and disable_functions using COM objects in PHP 5.x on Windows. It allows arbitrary command execution, file manipulation, and user creation by leveraging COM components like wscript.shell and Scripting.FileSystemObject.
Description
The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function.
Exploits (1)
This exploit demonstrates a bypass of PHP safe_mode and disable_functions using COM objects in PHP 5.x on Windows. It allows arbitrary command execution, file manipulation, and user creation by leveraging COM components like wscript.shell and Scripting.FileSystemObject.