EXPLOITDB-EDB-7451

EXPLOITDB text VERIFIED WORKING POC
Exploit for CVE-2008-5770 - PHP Weather 2.2.2 - XSS
AI Analysis

This exploit demonstrates a Local File Inclusion (LFI) and Cross-Site Scripting (XSS) vulnerability in phpweather-2.2.2. The LFI is achieved by manipulating the 'language' parameter with a null byte, while the XSS is triggered via the 'make_config.php' script.

Attack Type
LFI | XSS
Complexity
trivial
Reliability
reliable
MITRE ATT&CK
T1190 - Exploit Public-Facing Application T1059.007 - JavaScript
Loading exploit code...
Download ZIP Password: eip
Source
Platform Exploitdb
Type webapps
Platform php
Language text
Files 1
Authors
ahmadbady
Vulnerability
CVE-2008-5770
PHP Weather 2.2.2 - XSS