CVE-2008-0230

osDate 2.0.8 - Remote Code Execution via php121dir Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0230. PoCs published by Cold Zero.

AI-analyzed exploit summary This exploit demonstrates a Local File Include (LFI) vulnerability in osData <= 2.08 due to improper input validation in the 'php121dir' parameter. The vulnerability allows an attacker to include arbitrary local files by appending a null byte (%00) to the file path.

Description

PHP remote file inclusion vulnerability in php121db.php in osDate 2.0.8 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via a URL in the php121dir parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Cold Zero · textwebappsphp

https://www.exploit-db.com/exploits/4870

View Code ZIP pw:eip

This exploit demonstrates a Local File Include (LFI) vulnerability in osData <= 2.08 due to improper input validation in the 'php121dir' parameter. The vulnerability allows an attacker to include arbitrary local files by appending a null byte (%00) to the file path.

Classification

Working Poc 90%

Attack Type

Lfi

Complexity

Trivial

Reliability

Reliable

Target: osData <= 2.08

No auth needed

Prerequisites: Access to the vulnerable endpoint · Knowledge of the target file path

MITRE ATT&CK