CVE-2006-0869
PEAR LiveUser <= 0.16.8 - Directory Traversal via Remember Me Cookie
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-0869. PoCs published by GulfTech Security.
AI-analyzed exploit summary: The writeup describes arbitrary file access and deletion vulnerabilities in PEAR LiveUser due to unsanitized cookie data being used in file operations. The issues stem from improper handling of user-supplied input in `fopen` and `unlink` calls.
Description
Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie.
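One way to guard the pattern described above, where a cookie-supplied store id ends up in `fopen` and `unlink` paths. This is an added example, not LiveUser code and not its actual fix; the function name `rememberFilePath`, the `.rm` suffix, the 32-hex-character id format and the demo directory are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example with hypothetical names; not taken from PEAR LiveUser.
// Maps a cookie-supplied store id to a file inside $baseDir, or returns null.
function rememberFilePath(string $storeId, string $baseDir): ?string
{
    // 1. Allowlist: fixed-length hex token only, so "..", "/", "\" and NUL bytes never pass.
    if (preg_match('/\A[a-f0-9]{32}\z/', $storeId) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // 2. Containment: resolve symlinks and confirm the result is still under the base directory.
    $real = realpath($base . DIRECTORY_SEPARATOR . $storeId . '.rm');
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real; // only this value may reach fopen() or unlink()
}

// Constructed demo data: a throwaway directory holding one valid remember-me file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'remember_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$validId = str_repeat('ab', 16);
$validFile = $dir . DIRECTORY_SEPARATOR . $validId . '.rm';
file_put_contents($validFile, 'constructed data');

// Constructed cookie values: one well-formed id, then malformed or unknown ones.
$samples = [$validId, '../../outside.txt', '..', $validId . "\0", str_repeat('cd', 16)];
foreach ($samples as $value) {
    $path = rememberFilePath($value, $dir);
    printf("%-45s => %s\n", json_encode($value), $path === null ? 'rejected' : 'accepted');
}

// Clean up the constructed demo files.
unlink($validFile);
rmdir($dir);
```

The allowlist alone stops the `..` sequence named in the description; the `realpath` containment check additionally covers symlinks placed inside the storage directory.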