CVE-2008-3385

php Help Agent 1.0-1.1 Full - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3385. PoCs published by BeyazKurt.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in php Help Agent versions 1.1 Full and 1.0. The vulnerability allows an attacker to include arbitrary files via the 'content' parameter in the 'include/head_chat.inc.php' file.

Description

Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BeyazKurt · textwebappsphp

https://www.exploit-db.com/exploits/6080

View Code ZIP pw:eip

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in php Help Agent versions 1.1 Full and 1.0. The vulnerability allows an attacker to include arbitrary files via the 'content' parameter in the 'include/head_chat.inc.php' file.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: php Help Agent v1.1 Full & 1.0

No auth needed

Prerequisites: Access to the vulnerable endpoint

MITRE ATT&CK