CVE-2008-1541

HIS Webshop 2.50 - Path Traversal via t Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1541. PoCs published by Zero X.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in HIS-Webshop due to improper validation of the 't' parameter. It allows an attacker to read arbitrary files on the server, such as '/etc/passwd', by manipulating the parameter.

Description

Directory traversal vulnerability in cgi-bin/his-webshop.pl in HIS Webshop 2.50 allows remote attackers to read arbitrary files via a .. (dot dot) in the t parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Zero X · textwebappscgi

https://www.exploit-db.com/exploits/5304

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in HIS-Webshop due to improper validation of the 't' parameter. It allows an attacker to read arbitrary files on the server, such as '/etc/passwd', by manipulating the parameter.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: HIS-Webshop (version not specified)

No auth needed

Prerequisites: Access to the vulnerable CGI script

MITRE ATT&CK