Exploitation Summary
EIP tracks 4 public exploits for CVE-2013-7190. PoCs published by i-Hmx.
AI-analyzed exploit summary The exploit leverages a null byte injection vulnerability in iScripts AutoHoster to bypass file extension checks and read arbitrary files, such as the configuration file. This is achieved by appending a null byte (%00) to the file path, effectively truncating the intended file extension.
Description
Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to support/admin/csvdownload.php; or (4) have an unspecified impact via unspecified vectors in support/parser/main_smtp.php.
Exploits (4)
The exploit leverages a null byte injection vulnerability in iScripts AutoHoster to bypass file extension checks and read arbitrary files, such as the configuration file. This is achieved by appending a null byte (%00) to the file path, effectively truncating the intended file extension.
The provided text describes a vulnerability in iScripts AutoHoster but does not include functional exploit code. It references a vulnerable endpoint (`/support/parser/main_smtp.php`) and mentions insufficient sanitization of user-supplied data, but lacks technical details or PoC code.
This exploit leverages a directory traversal vulnerability in iScripts AutoHoster's csvdownload.php script, allowing an attacker to read arbitrary files by manipulating the 'id' parameter. The PoC demonstrates accessing the configuration file via path traversal and null byte injection.
This exploit leverages a directory traversal vulnerability in iScripts AutoHoster's downloadfile.php script to read arbitrary files, including sensitive configuration files. The vulnerability arises from insufficient sanitization of the 'fname' parameter, allowing path traversal via '../' sequences.