CVE-2008-0459

Liquidsilvercms - Path Traversal

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0459. PoCs published by Stack.

AI-analyzed exploit summary This is a writeup describing a Local File Inclusion (LFI) vulnerability in Liquid-Silver CMS. It provides an exploit path and examples for reading arbitrary files, including system files like /etc/passwd, by manipulating the 'update' parameter in the index.php script.

Description

Directory traversal vulnerability in update/index.php in Liquid-Silver CMS 0.35, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the update parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Stack · textwebappsphp

https://www.exploit-db.com/exploits/4976

View Code ZIP pw:eip

This is a writeup describing a Local File Inclusion (LFI) vulnerability in Liquid-Silver CMS. It provides an exploit path and examples for reading arbitrary files, including system files like /etc/passwd, by manipulating the 'update' parameter in the index.php script.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Liquid-Silver CMS (version not specified)

No auth needed

Prerequisites: Access to the vulnerable Liquid-Silver CMS instance

MITRE ATT&CK