CVE-2008-1537

PowerScripts PowerBook 1.21 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1537. PoCs published by DSecRG.

AI-analyzed exploit summary This exploit demonstrates a Local File Include (LFI) vulnerability in PowerBook 1.21. The vulnerability arises due to improper input validation in the 'page' parameter, allowing an attacker to include arbitrary files when REGISTER_GLOBALS is enabled in PHP.

Description

Directory traversal vulnerability in pb_inc/admincenter/index.php in PowerScripts PowerBook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DSecRG · textwebappsphp

https://www.exploit-db.com/exploits/5302

View Code ZIP pw:eip

This exploit demonstrates a Local File Include (LFI) vulnerability in PowerBook 1.21. The vulnerability arises due to improper input validation in the 'page' parameter, allowing an attacker to include arbitrary files when REGISTER_GLOBALS is enabled in PHP.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: PowerBook 1.21

No auth needed

Prerequisites: REGISTER_GLOBALS must be enabled in PHP configuration

MITRE ATT&CK