CVE-2008-4155

EasySite 2.3 - Path Traversal via Module or Action Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4155. PoCs published by SirGod.

AI-analyzed exploit summary This exploit demonstrates Local File Inclusion (LFI) and arbitrary directory listing vulnerabilities in EasySite v2.3. It provides multiple URLs to access sensitive files and directory contents without authentication.

Description

Multiple directory traversal vulnerabilities in EasySite 2.3 allow remote attackers to read arbitrary files or list directories via a .. (dot dot) in the (1) module or (2) action parameter in (a) www/index.php; the (3) module, (4) ss_module, or (5) ss_action parameter in (b) modules/Module/index.php or (c) modules/Themes/index.php; or the (6) module parameter in (d) inc/vmenu.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SirGod · textwebappsphp

https://www.exploit-db.com/exploits/6288

View Code ZIP pw:eip

This exploit demonstrates Local File Inclusion (LFI) and arbitrary directory listing vulnerabilities in EasySite v2.3. It provides multiple URLs to access sensitive files and directory contents without authentication.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: EasySite v2.3

No auth needed

Prerequisites: Network access to the target web application

MITRE ATT&CK