CVE-2006-0687

DocMGR 0.54.2 - Remote File Inclusion via Uninitialized $siteModInfo Variable

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0687. PoCs published by rgod.

AI-analyzed exploit summary This PHP script exploits a remote command execution vulnerability in DocMGR <= 0.54.2 by leveraging arbitrary file inclusion and command injection via the 'process.php' module. It sends a crafted HTTP request to include a remote file and execute arbitrary commands.

Description

process.php in DocMGR 0.54.2 does not initialize the $siteModInfo variable when a direct request is made, which allows remote attackers to include arbitrary local files or possibly remote files via a modified includeModule and siteModInfo variable.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1491

View Code ZIP pw:eip

This PHP script exploits a remote command execution vulnerability in DocMGR <= 0.54.2 by leveraging arbitrary file inclusion and command injection via the 'process.php' module. It sends a crafted HTTP request to include a remote file and execute arbitrary commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: DocMGR <= 0.54.2

No auth needed

Prerequisites: PHP5 with short_open_tag and register_globals enabled · Network access to the target · Remote FTP location to host malicious PHP code

MITRE ATT&CK