CVE-2007-6453

RaidenHTTPD 2.0.19 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6453. PoCs published by rgod.

AI-analyzed exploit summary This VBScript exploit targets RaidenHTTPD 2.0.19 via unauthenticated directory traversal and command injection. It crafts malicious HTTP requests to execute arbitrary commands, including adding a backdoor user and enabling services like Telnet.

Description

Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · remotewindows

https://www.exploit-db.com/exploits/4747

View Code ZIP pw:eip

This VBScript exploit targets RaidenHTTPD 2.0.19 via unauthenticated directory traversal and command injection. It crafts malicious HTTP requests to execute arbitrary commands, including adding a backdoor user and enabling services like Telnet.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: RaidenHTTPD 2.0.19

No auth needed

Prerequisites: Target must be running RaidenHTTPD 2.0.19 with WebAdmin enabled · Network connectivity to the target on port 80

MITRE ATT&CK