CVE-2008-2044

netOffice Dwins 1.3 p2 - Unauthenticated Remote Code Execution via demoSession Authentication Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2044. PoCs published by RawSecurity.org.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass and arbitrary file upload vulnerability in netOffice Dwins. The HTML form allows attackers to upload files with PHP execution enabled by manipulating the 'demoSession' and 'allowPhp' parameters.

Description

includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP script via an add action to projects_site/uploadfile.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by RawSecurity.org · textwebappsphp

https://www.exploit-db.com/exploits/31317

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass and arbitrary file upload vulnerability in netOffice Dwins. The HTML form allows attackers to upload files with PHP execution enabled by manipulating the 'demoSession' and 'allowPhp' parameters.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: netOffice Dwins 1.3 p2

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK