CVE-2009-0250

Ryneezy phoSheezy 0.2 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0250. PoCs published by Osirys.

AI-analyzed exploit summary This exploit targets a remote command execution vulnerability in Phosheezy 2.0 by extracting the admin password, logging in, and injecting malicious PHP code into a template to achieve RCE. It then provides an interactive shell for command execution.

Description

Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash via a direct request for config/password.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Osirys · perlwebappsphp

https://www.exploit-db.com/exploits/7780

View Code ZIP pw:eip

This exploit targets a remote command execution vulnerability in Phosheezy 2.0 by extracting the admin password, logging in, and injecting malicious PHP code into a template to achieve RCE. It then provides an interactive shell for command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Phosheezy 2.0

No auth needed

Prerequisites: Target must be running Phosheezy 2.0 with accessible admin interface · Network access to the target web server

MITRE ATT&CK