Exploitation Summary
EIP tracks 2 public exploits for CVE-2008-1606. PoCs published by Daniel Martin Gomez.
AI-analyzed exploit summary
The provided text describes multiple input-validation vulnerabilities in Elastic Path, including local file inclusion, arbitrary file upload, and directory traversal. It includes a proof-of-concept URL for directory traversal but lacks executable exploit code.
Description
Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp.
Exploits (2)
The provided text describes multiple input-validation vulnerabilities in Elastic Path, including local file inclusion, arbitrary file upload, and directory traversal. It includes a proof-of-concept URL for directory traversal but lacks executable exploit code.