CVE-2008-0427

bloofoxCMS 0.3 - Path Traversal via File Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0427. PoCs published by BugReport.IR.

AI-analyzed exploit summary This writeup describes SQL injection and source code disclosure vulnerabilities in Bloofox CMS 0.3. The SQLi allows authentication bypass via crafted input, while the source disclosure enables arbitrary file reads via directory traversal.

Description

Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by BugReport.IR · textwebappsphp

https://www.exploit-db.com/exploits/4945

View Code ZIP pw:eip

This writeup describes SQL injection and source code disclosure vulnerabilities in Bloofox CMS 0.3. The SQLi allows authentication bypass via crafted input, while the source disclosure enables arbitrary file reads via directory traversal.

Classification

Writeup 90%

Attack Type

Sqli | Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Bloofox CMS 0.3

No auth needed

Prerequisites: Magic quotes disabled · Access to login page and file.php

MITRE ATT&CK