CVE-2008-7076

Kalptaru Infotech Stararticles - Access Control

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7076. PoCs published by ZoRLu.

AI-analyzed exploit summary This exploit demonstrates a remote file upload vulnerability in Star Articles 6.0, allowing an attacker to upload a malicious PHP shell via the profile photo upload feature. The PoC includes steps to register, upload a shell, and access it to execute arbitrary commands.

Description

Unrestricted file upload vulnerability in user.modify.profile.php in Kalptaru Infotech Ltd. Star Articles 6.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile photo, then accessing it via a direct request to the file in authorphoto/.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/7251

View Code ZIP pw:eip

This exploit demonstrates a remote file upload vulnerability in Star Articles 6.0, allowing an attacker to upload a malicious PHP shell via the profile photo upload feature. The PoC includes steps to register, upload a shell, and access it to execute arbitrary commands.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Star Articles 6.0

Auth required

Prerequisites: Valid user account on the target system · Access to the profile modification page

MITRE ATT&CK