CVE-2008-5919

WebSVN < 2.0 - Path Traversal and Arbitrary File Write via RSS Rev Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5919. PoCs published by GulfTech Security.

AI-analyzed exploit summary This is a detailed technical writeup describing multiple vulnerabilities in WebSVN <= 2.0, including XSS, arbitrary file creation, and PHP code execution. It provides code snippets, exploitation techniques, and root cause analysis.

Description

Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/6822

View Code ZIP pw:eip

This is a detailed technical writeup describing multiple vulnerabilities in WebSVN <= 2.0, including XSS, arbitrary file creation, and PHP code execution. It provides code snippets, exploitation techniques, and root cause analysis.

Classification

Writeup 95%

Attack Type

Xss | Other

Complexity

Moderate

Reliability

Reliable

Target: WebSVN <= 2.0

No auth needed

Prerequisites: Access to the WebSVN application

MITRE ATT&CK