CVE-2008-6931

PHPStore Job Search - Authenticated Remote Code Execution via Resume Photo Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6931. PoCs published by ZoRLu.

AI-analyzed exploit summary This exploit leverages a file upload vulnerability in PHPStore Job Search, allowing an attacker to upload a malicious PHP file disguised as an image (GIF) by prepending 'GIF89a;' to the shell code. The exploit requires user interaction to upload the file and then access it via a direct link.

Description

Unrestricted file upload vulnerability in PHPStore Job Search (aka PHPCareers) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a resume photo, then accessing it via a direct request to the file in jobseekers/jobseeker_profile_images.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/7083

View Code ZIP pw:eip

This exploit leverages a file upload vulnerability in PHPStore Job Search, allowing an attacker to upload a malicious PHP file disguised as an image (GIF) by prepending 'GIF89a;' to the shell code. The exploit requires user interaction to upload the file and then access it via a direct link.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: PHPStore Job Search (version not specified)

Auth required

Prerequisites: Access to the job search registration page · Ability to upload a file · Knowledge of the direct link to the uploaded file

MITRE ATT&CK