CVE-2008-1555
BolinOS 4.6.1 - Remote File Inclusion via _bFileToInclude Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-1555. PoCs published by DSecRG.
AI-analyzed exploit summary
This exploit demonstrates multiple vulnerabilities in BolinOS 4.6.1, including Local File Include (LFI), Cross-Site Scripting (XSS), and system information disclosure. The LFI allows arbitrary file reading via path traversal, while XSS vulnerabilities are present in both GET and POST parameters.
Description
Directory traversal vulnerability in system/_b/contentFiles/gbincluder.php in BolinOS 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _bFileToInclude parameter.