Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-5204. PoCs published by CraCkEr.
AI-analyzed exploit summary This exploit demonstrates Local File Inclusion (LFI) and Cross-Site Scripting (XSS) vulnerabilities in PowerAward 1.1.0 RC1. The LFI allows arbitrary file inclusion via the 'lang' parameter in multiple PHP scripts, while the XSS is triggered via the 'l_vote_done' parameter in external_vote.php.
Description
Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15) winner.php.
Exploits (1)
This exploit demonstrates Local File Inclusion (LFI) and Cross-Site Scripting (XSS) vulnerabilities in PowerAward 1.1.0 RC1. The LFI allows arbitrary file inclusion via the 'lang' parameter in multiple PHP scripts, while the XSS is triggered via the 'l_vote_done' parameter in external_vote.php.