CVE-2008-5705

Verlihub 0.9.8d-RC2 - Remote Command Execution via Trigger Argument Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5705. PoCs published by v4lkyrius.

AI-analyzed exploit summary This is a detailed technical analysis of CVE-2008-5705, a command injection vulnerability in Verlihub <=0.9.8d-RC2. The writeup includes the root cause (unsanitized input in the trigger mechanism), exploit steps, and a patch diff.

Description

The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier, when user triggers are enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in an argument.

Exploits (1)

exploitdb WRITEUP VERIFIED

by v4lkyrius · textremotelinux

https://www.exploit-db.com/exploits/7183

View Code ZIP pw:eip

This is a detailed technical analysis of CVE-2008-5705, a command injection vulnerability in Verlihub <=0.9.8d-RC2. The writeup includes the root cause (unsanitized input in the trigger mechanism), exploit steps, and a patch diff.

Classification

Writeup 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Verlihub <=0.9.8d-RC2

Auth required

Prerequisites: Verlihub configured with allow_exec=1 · User triggers enabled and accepting arguments

MITRE ATT&CK