CVE-2006-0164

phgstats - Remote Code Execution via PHGDIR Variable Manipulation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0164. PoCs published by bd0rk.

AI-analyzed exploit summary This exploit targets a remote file inclusion vulnerability in PostNuke Module phgstats 0.5 by injecting a remote command shell via the 'phgdir' parameter. It uses LWP::UserAgent to send crafted HTTP requests to execute arbitrary commands on the target system.

Description

phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable.

Exploits (1)

exploitdb WORKING POC VERIFIED

by bd0rk · perlwebappsphp

https://www.exploit-db.com/exploits/3454

View Code ZIP pw:eip

This exploit targets a remote file inclusion vulnerability in PostNuke Module phgstats 0.5 by injecting a remote command shell via the 'phgdir' parameter. It uses LWP::UserAgent to send crafted HTTP requests to execute arbitrary commands on the target system.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: PostNuke Module phgstats 0.5

No auth needed

Prerequisites: Target must have phgstats 0.5 installed · Remote command shell must be accessible · PHP allow_url_include must be enabled

MITRE ATT&CK