CVE-2008-6522
OpenTerracotta 0.6.1 - Path Traversal via CurrentDirectory or File Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-6522. PoCs published by Joseph Giron.
AI-analyzed exploit summary The provided code is a writeup describing a local file inclusion vulnerability in Terracotta due to improper input sanitization. It includes a proof-of-concept URL demonstrating directory traversal to access local files.
Description
Multiple directory traversal vulnerabilities in the RenderFile function in ContentRender.class.php in Terracotta (aka OpenTerracotta) 0.6.1, and possibly other versions, allow remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the (1) CurrentDirectory and (2) File parameters to index.php.
Exploits (1)
The provided code is a writeup describing a local file inclusion vulnerability in Terracotta due to improper input sanitization. It includes a proof-of-concept URL demonstrating directory traversal to access local files.