CVE-2008-0175

GE Fanuc Proficy Real-Time Information Portal < 2.6 - Remote Code Execution via Unrestricted File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0175. PoCs published by Kevin Finisterre.

AI-analyzed exploit summary This exploit targets a directory traversal and file write vulnerability in GE Fanuc Real Time Information Portal 2.6. It leverages SOAP API calls to write a malicious executable and a JSP shell, then executes the payload via HTTP request.

Description

Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kevin Finisterre · rubyremotewindows

https://www.exploit-db.com/exploits/6921

View Code ZIP pw:eip

This exploit targets a directory traversal and file write vulnerability in GE Fanuc Real Time Information Portal 2.6. It leverages SOAP API calls to write a malicious executable and a JSP shell, then executes the payload via HTTP request.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: GE Fanuc Real Time Information Portal 2.6

Auth required

Prerequisites: Network access to the target · Valid credentials or ability to bypass authentication · SOAP API exposed on port 80

MITRE ATT&CK