CVE-2008-2884

rss_aggregator - Remote Code Execution via Path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2884. PoCs published by Ghost Hacker.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in RSS-aggregator's display.php due to improper input validation of the 'path' parameter. An attacker can include arbitrary remote files by manipulating the 'path' parameter in the URL.

Description

PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ghost Hacker · textwebappsphp

https://www.exploit-db.com/exploits/5900

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in RSS-aggregator's display.php due to improper input validation of the 'path' parameter. An attacker can include arbitrary remote files by manipulating the 'path' parameter in the URL.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: RSS-aggregator (version not specified)

No auth needed

Prerequisites: Remote file inclusion must be enabled on the target server · Target server must allow remote URL inclusion

MITRE ATT&CK