CVE-2008-7005

Minb Is Not a Blog 0.1.0 - Remote Code Execution via quotes_to_edit Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7005. PoCs published by Khashayar Fereidani.

AI-analyzed exploit summary This exploit targets a remote code execution vulnerability in minb CMS by injecting PHP code via the 'quotes_to_edit' parameter in '1-random_quote.php'. It fetches a remote shell script and writes it to the target server.

Description

include/modules/top/1-random_quote.php in Minb Is Not a Blog (minb) 0.1.0 allows remote attackers to execute arbitrary PHP code via the quotes_to_edit parameter. NOTE: this issue has been reported as an unrestricted file upload by some sources, but that is a potential consequence of code execution.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Khashayar Fereidani · pythonwebappsphp

https://www.exploit-db.com/exploits/6432

View Code ZIP pw:eip

This exploit targets a remote code execution vulnerability in minb CMS by injecting PHP code via the 'quotes_to_edit' parameter in '1-random_quote.php'. It fetches a remote shell script and writes it to the target server.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: minb CMS 0.1.0

No auth needed

Prerequisites: Target running minb CMS with vulnerable endpoint accessible · Remote shell script hosted on attacker-controlled server

MITRE ATT&CK