CVE-2008-5594

Mini Blog 1.0.1 - Path Traversal via Page and Admin Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5594. PoCs published by cOndemned.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Mini Blog 1.0.1 by manipulating the 'page' or 'admin' GET parameters to include arbitrary local files via directory traversal sequences. The PoC includes example URLs to read sensitive files like /etc/passwd.

Description

Multiple directory traversal vulnerabilities in index.php in Mini Blog 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by cOndemned · textwebappsphp

https://www.exploit-db.com/exploits/7374

View Code ZIP pw:eip

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Mini Blog 1.0.1 by manipulating the 'page' or 'admin' GET parameters to include arbitrary local files via directory traversal sequences. The PoC includes example URLs to read sensitive files like /etc/passwd.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Mini Blog 1.0.1

No auth needed

Prerequisites: Target application must be running Mini Blog 1.0.1 · Remote file inclusion must be enabled or local files must be accessible

MITRE ATT&CK