CVE-2006-0881

Noah's Classifieds 1.3 - Remote File Inclusion via upperTemplate or lowerTemplate Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0881. PoCs published by trueend5.

AI-analyzed exploit summary The code describes a remote file inclusion vulnerability in Noah's Classifieds 1.3.0, allowing arbitrary PHP code execution via the 'lowerTemplate' parameter. No actual exploit code is provided, only a description and example URL.

Description

Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php in Noah's Classifieds 1.3, when register_globals is enabled, allow remote attackers to include arbitrary PHP files via the (1) upperTemplate and (2) lowerTemplate parameters, as demonstrated using the lowerTemplate parameter to index.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by trueend5 · textwebappsphp

https://www.exploit-db.com/exploits/27262

View Code ZIP pw:eip

The code describes a remote file inclusion vulnerability in Noah's Classifieds 1.3.0, allowing arbitrary PHP code execution via the 'lowerTemplate' parameter. No actual exploit code is provided, only a description and example URL.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Noah's Classifieds 1.3.0

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK