CVE-2008-3363

Dokeos E-Learning System <1.8.5 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3363. PoCs published by DSecRG.

AI-analyzed exploit summary This exploit demonstrates a Local File Include (LFI) vulnerability in Dokeos E-Learning System 1.8.5 via the 'include' parameter in user_portal.php. The vulnerability allows registered users to include arbitrary files by manipulating the GET parameter.

Description

Directory traversal vulnerability in user_portal.php in the Dokeos E-Learning System 1.8.5 on Windows allows remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the include parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DSecRG · textwebappsphp

https://www.exploit-db.com/exploits/6149

View Code ZIP pw:eip

This exploit demonstrates a Local File Include (LFI) vulnerability in Dokeos E-Learning System 1.8.5 via the 'include' parameter in user_portal.php. The vulnerability allows registered users to include arbitrary files by manipulating the GET parameter.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Dokeos E-Learning System 1.8.5

Auth required

Prerequisites: Registered user credentials · Access to the user_portal.php script

MITRE ATT&CK