CVE-2008-6930

PHPStore Real Estate - Authenticated Arbitrary File Upload via Logo Image

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6930. PoCs published by ZoRLu.

AI-analyzed exploit summary This exploit demonstrates a remote file upload vulnerability in PHP Store Real Estate software by bypassing file extension checks via a GIF header. The attacker uploads a malicious PHP file disguised as an image to achieve remote code execution.

Description

Unrestricted file upload vulnerability in PHPStore Real Estate allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in realty/re_images/.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/7085

View Code ZIP pw:eip

This exploit demonstrates a remote file upload vulnerability in PHP Store Real Estate software by bypassing file extension checks via a GIF header. The attacker uploads a malicious PHP file disguised as an image to achieve remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: PHP Store Real Estate

Auth required

Prerequisites: Valid user account on the target system · Access to the profile edit page with file upload functionality

MITRE ATT&CK