CVE-2008-4780

MyForum 1.3 - Path Traversal via padmin Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4780. PoCs published by Vrs-hCk.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in MyForum 1.3 via the 'padmin' parameter in 'admin/centre.php'. The vulnerability arises due to improper input validation, allowing an attacker to include arbitrary local files by appending a null byte (%00).

Description

Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Vrs-hCk · textwebappsphp

https://www.exploit-db.com/exploits/6846

View Code ZIP pw:eip

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in MyForum 1.3 via the 'padmin' parameter in 'admin/centre.php'. The vulnerability arises due to improper input validation, allowing an attacker to include arbitrary local files by appending a null byte (%00).

Classification

Working Poc 90%

Attack Type

Lfi

Complexity

Trivial

Reliability

Reliable

Target: MyForum 1.3

No auth needed

Prerequisites: Access to the target URL · Knowledge of the vulnerable parameter

MITRE ATT&CK