CVE-2008-0613

XOOPS 2.0.18 - Open Redirect via xoops_redirect Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0613. PoCs published by DSecRG.

AI-analyzed exploit summary This exploit demonstrates a Local File Include (LFI) vulnerability in XOOPS 2.0.18 via the 'lang' POST parameter in htdocs/install/index.php, allowing arbitrary file inclusion and potential command execution. It also highlights a URL redirection phishing vulnerability in htdocs/user.php.

Description

Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DSecRG · textwebappsphp

https://www.exploit-db.com/exploits/5057

View Code ZIP pw:eip

This exploit demonstrates a Local File Include (LFI) vulnerability in XOOPS 2.0.18 via the 'lang' POST parameter in htdocs/install/index.php, allowing arbitrary file inclusion and potential command execution. It also highlights a URL redirection phishing vulnerability in htdocs/user.php.

Classification

Working Poc 90%

Attack Type

Lfi

Complexity

Trivial

Reliability

Reliable

Target: XOOPS 2.0.18

No auth needed

Prerequisites: Access to the vulnerable XOOPS installation · Ability to send crafted POST requests

MITRE ATT&CK