CVE-2009-0643

Simple PHP News 1.0 - Code Injection

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0643. PoCs published by Osirys.

AI-analyzed exploit summary: This exploit targets a remote command execution vulnerability in Simple PHP News 1.0 Final by injecting malicious PHP code into the 'post' parameter, which is then executed via the 'display.php' script. It requires Magic Quotes to be off and provides an interactive shell upon successful exploitation.

Description

Static code injection vulnerability in post.php in Simple PHP News 1.0 final allows remote attackers to inject arbitrary PHP code into news.txt via the post parameter, and then execute the code via a direct request to display.php. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Osirys · perl · webapps · php
https://www.exploit-db.com/exploits/7999

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Simple PHP News 1.0 Final
No auth needed
Prerequisites: Magic Quotes must be disabled on the target server · Target must be running Simple PHP News 1.0 Final
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7999
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/51816
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33814
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0357
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48829

Scores

EPSS 0.0481
EPSS Percentile 90.8%

Details

CWE CWE-94
Status published
Products (1)
dminnich/simple_php_news 1.0
Published Feb 20, 2009
Tracked Since Feb 18, 2026