CVE-2008-6929
PHPStore Auto Classifieds - Authenticated Arbitrary File Upload via Logo Upload
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-6929. PoCs published by ZoRLu.
AI-analyzed exploit summary: This exploit leverages a file upload vulnerability in PHPStore Auto Classifieds by disguising a PHP shell as a GIF file. The attacker uploads a malicious PHP file that begins with a GIF header, bypassing the file type restrictions to achieve remote code execution.
Description
Unrestricted file upload vulnerability in PHPStore Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in cars/cars_images/.
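A server-side check that addresses the weakness described above, as an added Python example (not PHPStore code and not taken from the published PoC). The function names, the type allowlist and the single-dot rule are assumptions made for illustration; the sample upload is constructed and inert.

```python
import os
import secrets

# Leading signature -> canonical extension for the image types a logo may use.
MAGIC = {b"GIF87a": "gif", b"GIF89a": "gif",
         b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpg"}
ALIASES = {"jpeg": "jpg"}


def sniff_type(data: bytes):
    """Return the canonical extension implied by the leading bytes, or None."""
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            return ext
    return None


def naive_check(filename: str, data: bytes) -> bool:
    """Weak pattern: trusts the content signature and ignores the file name."""
    return sniff_type(data) is not None


def safe_logo_name(filename: str, data: bytes):
    """Return a server-chosen storage name, or None if the upload is rejected."""
    base = os.path.basename(filename.replace("\\", "/"))
    # Assumed policy: exactly one dot, so "logo.php.gif" style names are refused.
    if base.count(".") != 1 or "\x00" in base:
        return None
    ext = base.rsplit(".", 1)[1].lower()
    ext = ALIASES.get(ext, ext)
    sniffed = sniff_type(data)
    # The claimed extension must agree with the sniffed type: "logo.php" fails here.
    if sniffed is None or ext != sniffed:
        return None
    # The client-supplied name is discarded; only the vetted extension survives.
    return f"{secrets.token_hex(16)}.{sniffed}"


# Constructed sample: GIF signature followed by inert placeholder text.
DISGUISED = b"GIF89a" + b"<?php /* constructed placeholder */ ?>"

if __name__ == "__main__":
    print("naive accepts logo.php:", naive_check("logo.php", DISGUISED))
    print("hardened result for logo.php:", safe_logo_name("logo.php", DISGUISED))
    print("hardened result for logo.gif:", safe_logo_name("logo.gif", DISGUISED))
```

The content check alone cannot stop this upload, because the signature is attacker-controlled; what removes the code execution path is that the stored name never carries an executable extension. The upload directory should also be configured so the web server does not run scripts from it.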