The exploit demonstrates a pre-authentication command execution vulnerability in BoZoN 2.4 by injecting arbitrary commands into the 'auto_restrict_users.php' file. It allows unauthenticated attackers to either add a user account or execute PHP commands like 'phpinfo()' via crafted HTTP requests.
Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: BoZoN 2.4
No auth needed
Prerequisites: Network access to the target BoZoN instance