CVE-2008-3763

Turnkey PHP Live Helper <2.0.1 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3763. PoCs published by GulfTech Security.

AI-analyzed exploit summary The writeup details multiple vulnerabilities in PHP Live Helper <= 2.0.1, including SQL injection, arbitrary variable overwriting, and remote code execution via register globals emulation flaws. It provides technical analysis and proof-of-concept examples for each vulnerability.

Description

Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when register_globals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by overwriting the language file.

Exploits (1)

exploitdb WRITEUP VERIFIED

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/6261

View Code ZIP pw:eip

The writeup details multiple vulnerabilities in PHP Live Helper <= 2.0.1, including SQL injection, arbitrary variable overwriting, and remote code execution via register globals emulation flaws. It provides technical analysis and proof-of-concept examples for each vulnerability.

Classification

Writeup 100%

Attack Type

Sqli | Rce | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: PHP Live Helper <= 2.0.1

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK