CVE-2008-4522

JMweb MP3 Music Audio Search and Download Script - Path Traversal via src Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4522. PoCs published by SirGod.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in JMweb MP3 (src) by manipulating the 'src' parameter in 'listen.php' and 'download.php' with null byte termination to read arbitrary local files.

Description

Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio Search and Download Script allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the src parameter to (1) listen.php and (2) download.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SirGod · textwebappsphp

https://www.exploit-db.com/exploits/6669

View Code ZIP pw:eip

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in JMweb MP3 (src) by manipulating the 'src' parameter in 'listen.php' and 'download.php' with null byte termination to read arbitrary local files.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: JMweb MP3 (src)

No auth needed

Prerequisites: Target must have JMweb MP3 (src) installed · File paths must be known or guessable

MITRE ATT&CK