CVE-2008-1512

XS-Mod 2.3.1, 2.4.0 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1512. PoCs published by bd0rk.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in phpBB Module XS 2.3.1 by manipulating the 'phpEx' parameter to include arbitrary files (e.g., /etc/passwd). It uses Perl with LWP to send an HTTP request and checks for vulnerability by verifying the presence of 'root' in the response.

Description

Directory traversal vulnerability in admin/admin_xs.php in eXtreme Styles module (XS-Mod) 2.3.1 and 2.4.0 for phpBB allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the phpEx parameter. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by bd0rk · textwebappsphp

https://www.exploit-db.com/exploits/5301

View Code ZIP pw:eip

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in phpBB Module XS 2.3.1 by manipulating the 'phpEx' parameter to include arbitrary files (e.g., /etc/passwd). It uses Perl with LWP to send an HTTP request and checks for vulnerability by verifying the presence of 'root' in the response.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: phpBB Module XS 2.3.1

No auth needed

Prerequisites: Target must have phpBB Module XS 2.3.1 installed · The 'admin_xs.php' file must be accessible · File inclusion must not be mitigated by server configurations

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →