CVE-2015-5353

Novius OS 5.0.1 - Path Traversal via Tab Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-5353. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in Novius-OS 5.0.1-elche, including persistent XSS via 'media_title' and 'menu_title' fields, LFI via the 'tab' parameter, and an open redirect via the 'redirect' parameter. The document provides proof-of-concept URLs and steps to exploit these issues.

Description

Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tab parameter to admin/.

Exploits (1)

exploitdb WRITEUP

by hyp3rlinx · textwebappsphp

https://www.exploit-db.com/exploits/37439

View Code ZIP pw:eip

This advisory details multiple vulnerabilities in Novius-OS 5.0.1-elche, including persistent XSS via 'media_title' and 'menu_title' fields, LFI via the 'tab' parameter, and an open redirect via the 'redirect' parameter. The document provides proof-of-concept URLs and steps to exploit these issues.

Classification

Writeup 90%

Attack Type

Xss | Info Leak | Other

Complexity

Trivial

Reliability

Reliable

Target: Novius-OS 5.0.1-elche

Auth required

Prerequisites: Access to admin panel · Valid session for XSS exploitation

MITRE ATT&CK