CVE-2006-0685

Virtual Hosting Control System <2.4.7.1 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0685. PoCs published by Roman Medina-Heigl Hernandez.

AI-analyzed exploit summary This HTML/JavaScript PoC exploits an authentication bypass vulnerability in VHCS (version <= 2.4.7.1) by creating a new admin user via a crafted POST request. The exploit automates the submission of a form to add a user with predefined credentials.

Description

The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Roman Medina-Heigl Hernandez · htmlwebappsphp

https://www.exploit-db.com/exploits/27205

View Code ZIP pw:eip

This HTML/JavaScript PoC exploits an authentication bypass vulnerability in VHCS (version <= 2.4.7.1) by creating a new admin user via a crafted POST request. The exploit automates the submission of a form to add a user with predefined credentials.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Virtual Hosting Control System (VHCS) <= 2.4.7.1

No auth needed

Prerequisites: JavaScript enabled in the browser · Network access to the target VHCS admin interface

MITRE ATT&CK