CVE-2008-0435

ozjournals 2.1.1 - Path Traversal via Print Preview ID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0435. PoCs published by shinmai.

AI-analyzed exploit summary This is a writeup describing a local file exposure vulnerability in OZJournals 2.1.1. The vulnerability allows an attacker to read sensitive files by manipulating the 'id' parameter in the 'printpreview' functionality, potentially exposing database credentials or other sensitive data.

Description

Directory traversal vulnerability in index.php in OZJournals 2.1.1 allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the id parameter in a printpreview action.

Exploits (1)

exploitdb WRITEUP VERIFIED

by shinmai · textwebappsphp

https://www.exploit-db.com/exploits/4953

View Code ZIP pw:eip

This is a writeup describing a local file exposure vulnerability in OZJournals 2.1.1. The vulnerability allows an attacker to read sensitive files by manipulating the 'id' parameter in the 'printpreview' functionality, potentially exposing database credentials or other sensitive data.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: OZJournals 2.1.1

No auth needed

Prerequisites: Access to the vulnerable OZJournals instance

MITRE ATT&CK