CVE-2007-6405

Sergey Lyubka Simple HTTPD <1.38 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6405. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary This is a writeup detailing two vulnerabilities in Simple HTTPD (shttpd) <= 1.38: directory traversal and script/CGI source disclosure. The document provides URLs to exploit these issues but does not include executable code.

Description

Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luigi Auriemma · textremotewindows

https://www.exploit-db.com/exploits/4700

View Code ZIP pw:eip

This is a writeup detailing two vulnerabilities in Simple HTTPD (shttpd) <= 1.38: directory traversal and script/CGI source disclosure. The document provides URLs to exploit these issues but does not include executable code.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Simple HTTPD (shttpd) <= 1.38

No auth needed

Prerequisites: network access to the target server

MITRE ATT&CK