CVE-2007-6567

XZero Community Classifieds <4.95.11 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6567. PoCs published by Kw3[R]Ln.

AI-analyzed exploit summary This Perl script exploits a Local File Inclusion (LFI) vulnerability in XZero Community Classifieds <= v4.95.11 by injecting PHP code into Apache log files and then including them via the LFI vulnerability to achieve remote command execution.

Description

Directory traversal vulnerability in index.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter in a page view action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kw3[R]Ln · perlwebappsphp

https://www.exploit-db.com/exploits/4794

View Code ZIP pw:eip

This Perl script exploits a Local File Inclusion (LFI) vulnerability in XZero Community Classifieds <= v4.95.11 by injecting PHP code into Apache log files and then including them via the LFI vulnerability to achieve remote command execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: XZero Community Classifieds <= v4.95.11

No auth needed

Prerequisites: magic_quotes_gpc = off · Apache log file write permissions

MITRE ATT&CK