Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-1492. PoCs published by 0x90.
AI-analyzed exploit summary This exploit demonstrates Local File Inclusion (LFI) vulnerabilities in phpAddressBook v2.11 by manipulating the 'skin' parameter to include arbitrary files, such as 'config.php', via directory traversal and null byte injection.
Description
Multiple directory traversal vulnerabilities in CoronaMatrix phpAddressBook 2.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php and (2) install.php. NOTE: it was later reported that vector 1 is also present in 2.0.
Exploits (1)
This exploit demonstrates Local File Inclusion (LFI) vulnerabilities in phpAddressBook v2.11 by manipulating the 'skin' parameter to include arbitrary files, such as 'config.php', via directory traversal and null byte injection.