CVE-2008-5167

Boonex Orca 2.0 and 2.0.2 - Remote Code Execution via gConf[dir][layouts] Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5167. PoCs published by Ciph3r.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion (RFI) vulnerability in Orca Interactive Forum Script 2.0.beta2. The vulnerability allows an attacker to include and execute arbitrary remote PHP code by manipulating the `gConf[dir][layouts]` parameter in the `params.php` file.

Description

PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ciph3r · textwebappsphp

https://www.exploit-db.com/exploits/5955

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion (RFI) vulnerability in Orca Interactive Forum Script 2.0.beta2. The vulnerability allows an attacker to include and execute arbitrary remote PHP code by manipulating the `gConf[dir][layouts]` parameter in the `params.php` file.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Orca Interactive Forum Script 2.0.beta2

No auth needed

Prerequisites: Remote PHP file hosting · Network access to the target

MITRE ATT&CK