The exploit demonstrates a directory traversal vulnerability in BookSolved 1.2.2 via the 'l' parameter in 'gbook_setcookie.php', allowing remote file disclosure. The PoC URL shows how an attacker can read arbitrary files by manipulating the path.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:BookSolved 1.2.2
No auth needed
Prerequisites:Access to the target web application