This exploit demonstrates a Local File Inclusion (LFI) vulnerability in openSite v0.2.2-beta. The vulnerability allows an attacker to include arbitrary files via the 'db_driver' parameter in multiple PHP scripts, potentially leading to information disclosure or remote code execution if combined with log poisoning.
Classification
Working Poc 90%
Attack Type
Lfi
Complexity
Trivial
Reliability
Reliable
Target:openSite v0.2.2-beta
No auth needed
Prerequisites:Access to the vulnerable web application