CVE-2008-2970
Academic Web Tools < 1.4.2.8 - Session Fixation via PHPSESSID Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-2970. PoCs published by BugReport.IR.
AI-analyzed exploit summary: This exploit demonstrates multiple vulnerabilities in Academic Web Tools CMS, including directory traversal, SQL injection, XSS, and session fixation. It provides functional proof-of-concept examples for each vulnerability.
Description
Multiple session fixation vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to (1) index.php and (2) login.php in homepg/.
Exploits (1)
This exploit demonstrates multiple vulnerabilities in Academic Web Tools CMS, including directory traversal, SQL injection, XSS, and session fixation. It provides functional proof-of-concept examples for each vulnerability.