CVE-2008-5938

MODx CMS <0.9.6.2 - Remote Code Execution

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5938. PoCs published by RoMaNcYxHaCkEr.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in MODx CMS <= 0.9.6.2 via the `reflect_base` parameter in `snippet.reflect.php` and an XSS vulnerability in the `index.php` file via the `username` POST parameter.

Description

PHP remote file inclusion vulnerability in assets/snippets/reflect/snippet.reflect.php in MODx CMS 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the reflect_base parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by RoMaNcYxHaCkEr · textwebappsphp

https://www.exploit-db.com/exploits/7204

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in MODx CMS <= 0.9.6.2 via the `reflect_base` parameter in `snippet.reflect.php` and an XSS vulnerability in the `index.php` file via the `username` POST parameter.

Classification

Working Poc 90%

Attack Type

Rce | Xss

Complexity

Trivial

Reliability

Reliable

Target: MODx CMS <= 0.9.6.2

No auth needed

Prerequisites: Remote file inclusion requires an attacker-controlled server hosting malicious code · XSS requires user interaction via POST request

MITRE ATT&CK