The exploit demonstrates a local file inclusion (LFI) vulnerability in vbShout 5.2.2 via the 'do' parameter in modcp/vbshout.php and admincp/vbshout.php. The vulnerability allows authenticated users (mod/admin) to include arbitrary files using path traversal and a null-byte termination.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:vbShout 5.2.2
Auth required
Prerequisites:Authenticated access as moderator or admin · vbShout 5.2.2 installed