CVE-2007-6459

Anon Proxy Server 0.100-0.101 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6459. PoCs published by Michael Brooks.

AI-analyzed exploit summary: This exploit demonstrates a command injection vulnerability in Anon Proxy Server 0.100 via the 'host' parameter in diagdns.php and diagconnect.php. The vulnerability arises due to insufficient sanitization of user input, allowing arbitrary command execution despite magic_quotes_gpc being enabled.

Description

Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Michael Brooks · text · webapps · php
https://www.exploit-db.com/exploits/4734

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Anon Proxy Server 0.100
No auth needed
Prerequisites: Network access to the target server · Anon Proxy Server 0.100 running with vulnerable PHP scripts
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/485151/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/43711
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/43712
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26882
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3463
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4734

Scores

EPSS 0.0287
EPSS Percentile 85.0%

Details

CWE: CWE-94
Status: published
Products (1): anon_proxy_server/anon_proxy_server 0.100
Published: Dec 20, 2007
Tracked Since: Feb 18, 2026