CVE-2007-6566

XZero Community Classifieds <4.95.11 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6566. PoCs published by Kw3[R]Ln.

AI-analyzed exploit summary This Perl script exploits a Local File Inclusion (LFI) vulnerability in XZero Community Classifieds <= v4.95.11 by injecting PHP code into Apache log files and then including them via the LFI vulnerability to achieve remote command execution.

Description

SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kw3[R]Ln · perlwebappsphp

https://www.exploit-db.com/exploits/4794

View Code ZIP pw:eip

This Perl script exploits a Local File Inclusion (LFI) vulnerability in XZero Community Classifieds <= v4.95.11 by injecting PHP code into Apache log files and then including them via the LFI vulnerability to achieve remote command execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: XZero Community Classifieds <= v4.95.11

No auth needed

Prerequisites: magic_quotes_gpc = off · Apache log file write permissions

MITRE ATT&CK