CVE-2006-0940

ShoutLIVE 1.1.0 - Remote Code Execution via settings.php Variable Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0940. PoCs published by DarkFig.

AI-analyzed exploit summary This exploit targets a PHP code injection vulnerability in ShoutLIVE <= 1.1.0 by sending a malicious POST request to savesettings.php, allowing arbitrary command execution via a crafted GET parameter. The script establishes a socket connection to inject the payload and then interacts with the compromised system.

Description

Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DarkFig · perlwebappsphp

https://www.exploit-db.com/exploits/1590

View Code ZIP pw:eip

This exploit targets a PHP code injection vulnerability in ShoutLIVE <= 1.1.0 by sending a malicious POST request to savesettings.php, allowing arbitrary command execution via a crafted GET parameter. The script establishes a socket connection to inject the payload and then interacts with the compromised system.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: ShoutLIVE <= 1.1.0

No auth needed

Prerequisites: Network access to the target · ShoutLIVE <= 1.1.0 installed

MITRE ATT&CK