CVE-2007-6471

phpay 2.02.01 - Path Traversal via Config Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6471. PoCs published by Michael Brooks.

AI-analyzed exploit summary: This exploit demonstrates a local file inclusion vulnerability in phPay due to improper input sanitization, allowing unauthorized file access and script execution on Windows systems. The PoC includes URLs that bypass protection mechanisms, especially when 'magic_quotes_gpc' is enabled.

Description

Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\ (dot dot backslash) in the config parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Michael Brooks · text · webapps · php
https://www.exploit-db.com/exploits/30887

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: phPay v2.02a
No auth needed
Prerequisites: Target running phPay v2.02a on a Windows system · PHP 'magic_quotes_gpc' directive may be enabled
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4231
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/485149/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26881
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39063
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28111
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3466

Scores

EPSS 0.0230
EPSS Percentile 81.0%

Details

CWE: CWE-22
Status: published
Products (2):
phpay/phpay 2.2.1
phpay/phpay 2.02.01
Published: Dec 20, 2007
Tracked Since: Feb 18, 2026