CVE-2008-1725

IBiz E-Banking Integrator <2.0.2932 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1725. PoCs published by shinnai.

AI-analyzed exploit summary This exploit targets an insecure method in IBiz E-Banking Integrator V2 ActiveX Edition, allowing arbitrary file creation via the WriteOFXDataFile method. The PoC demonstrates file creation on the local filesystem without authentication.

Description

The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator (formerly IBiz OFX Integrator) 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attackers to overwrite arbitrary files via a full pathname in the argument. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/5416

View Code ZIP pw:eip

This exploit targets an insecure method in IBiz E-Banking Integrator V2 ActiveX Edition, allowing arbitrary file creation via the WriteOFXDataFile method. The PoC demonstrates file creation on the local filesystem without authentication.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: IBiz E-Banking Integrator V2 ActiveX Edition

No auth needed

Prerequisites: ActiveX control must be installed and accessible

MITRE ATT&CK