Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-1371. PoCs published by THE_MILLER.
AI-analyzed exploit summary This exploit demonstrates a local file inclusion (LFI) vulnerability in Drake CMS 0.4.11_RC8 due to improper input sanitization. By manipulating the 'd_root' parameter, an attacker can read arbitrary files (e.g., /etc/passwd) via null byte injection.
Description
Absolute path traversal vulnerability in install/index.php in Drake CMS 0.4.11 RC8 allows remote attackers to read and execute arbitrary files via a full pathname in the d_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Exploits (1)
This exploit demonstrates a local file inclusion (LFI) vulnerability in Drake CMS 0.4.11_RC8 due to improper input sanitization. By manipulating the 'd_root' parameter, an attacker can read arbitrary files (e.g., /etc/passwd) via null byte injection.