CVE-2008-5765

WorkSimple 1.2.1 - Unauthenticated Sensitive Information Exposure via Direct Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5765. PoCs published by Osirys.

AI-analyzed exploit summary The writeup describes a Remote File Inclusion (RFI) vulnerability in WorkSimple 1.2.1 due to an undeclared $lang variable in calendar.php, allowing remote shell inclusion. It also mentions a sensitive data disclosure issue where user credentials are stored in plaintext in a .txt file.

Description

WorkSimple 1.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for data/usr.txt.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Osirys · textwebappsphp

https://www.exploit-db.com/exploits/7481

View Code ZIP pw:eip

The writeup describes a Remote File Inclusion (RFI) vulnerability in WorkSimple 1.2.1 due to an undeclared $lang variable in calendar.php, allowing remote shell inclusion. It also mentions a sensitive data disclosure issue where user credentials are stored in plaintext in a .txt file.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: WorkSimple 1.2.1

No auth needed

Prerequisites: Network access to the target application · PHP remote file inclusion enabled on the server

MITRE ATT&CK