CVE-2006-0971

DirectContact 0.3b - Directory Traversal via URL

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0971. PoCs published by Donato Ferrante.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in DirectContact, allowing an attacker to retrieve arbitrary files from the vulnerable system by manipulating the URL path. The proof of concept shows accessing the 'windows/system.ini' file via a crafted HTTP GET request.

Description

Directory traversal vulnerability in Lionel Reyero DirectContact 0.3b allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Donato Ferrante · textremotewindows

https://www.exploit-db.com/exploits/27325

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in DirectContact, allowing an attacker to retrieve arbitrary files from the vulnerable system by manipulating the URL path. The proof of concept shows accessing the 'windows/system.ini' file via a crafted HTTP GET request.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: DirectContact (version not specified)

No auth needed

Prerequisites: Network access to the vulnerable DirectContact application

MITRE ATT&CK