CVE-2006-0502

FarsiNews < 2.1_beta2 - Remote File Inclusion via loginout.php cutepath Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0502. PoCs published by Hamid Ebadi.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in FarsiNews 2.1 Beta2 and earlier. It explains the issue and provides a sample exploit URL but does not include functional exploit code.

Description

PHP remote file inclusion vulnerability in loginout.php in FarsiNews 2.1 Beta 2 and earlier, with register_globals enabled, allows remote attackers to include arbitrary files via a URL in the cutepath parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Hamid Ebadi · textwebappsphp

https://www.exploit-db.com/exploits/27154

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in FarsiNews 2.1 Beta2 and earlier. It explains the issue and provides a sample exploit URL but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: FarsiNews 2.1 Beta2 and earlier

No auth needed

Prerequisites: Remote file hosting with malicious PHP code · Target server with vulnerable FarsiNews installation

MITRE ATT&CK