.. / CVE-2014-8676

Exploit for Simple Online Planning Tool <1.3.2 - Local File Inclusion (CVE-2014-8676)

Description:

SOPlanning <1.32 contain a directory traversal in the file_get_contents function via a .. (dot dot) in the fichier parameter.

Nuclei Template

View the template here CVE-2014-8676.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2014/CVE-2014-8676.yaml
Copy

References:

http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html
https://nvd.nist.gov/vuln/detail/CVE-2014-8676
https://www.exploit-db.com/exploits/37604/
https://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html
http://seclists.org/fulldisclosure/2015/Jul/44