This exploit demonstrates a Local File Inclusion (LFI) vulnerability in CAT2 <= 1.2 by manipulating the 'spaw_root' parameter to include arbitrary files (e.g., /etc/passwd) via a null byte injection. The attack leverages improper input validation in the 'spaw_control.class.php' script.
Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: CAT2 <= 1.2
No auth needed
Prerequisites: Access to the vulnerable endpoint · Knowledge of the target file path