CVE-2009-2110

DB Top Sites 1.0 - Path Traversal via u Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2110. PoCs published by SirGod.

AI-analyzed exploit summary: This exploit demonstrates a Local File Inclusion (LFI) vulnerability in DB Top Sites v1.0. The vulnerable code in index.php allows arbitrary file inclusion via the 'u' parameter, enabling attackers to read sensitive files like BOOTSECT.BAK.

Description

Multiple directory traversal vulnerabilities in DB Top Sites 1.0, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the u parameter to (1) full.php, (2) index.php, and (3) contact.php.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by SirGod · text · webapps · php
https://www.exploit-db.com/exploits/8952

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: DB Top Sites v1.0
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/55118
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8952
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/51120
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35419
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/55117
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/55116

Scores

EPSS 0.0845
EPSS Percentile 94.3%

Details

CWE: CWE-22
Status: published
Products (1): jnmsolutions/db_top_sites 1.0
Published: Jun 18, 2009
Tracked Since: Feb 18, 2026