CVE-2006-1497

ViHor Design - Directory Traversal via Page Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1497. PoCs published by botan.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in VihorDesign, where unsanitized user input allows inclusion of arbitrary remote files. The example URL demonstrates how an attacker could execute malicious PHP code via the 'page' parameter.

Description

Directory traversal vulnerability in index.php in ViHor Design allows remote attackers to read arbitrary files via the page parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by botan · textwebappsphp

https://www.exploit-db.com/exploits/27466

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in VihorDesign, where unsanitized user input allows inclusion of arbitrary remote files. The example URL demonstrates how an attacker could execute malicious PHP code via the 'page' parameter.

Classification

Writeup 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: VihorDesign (version unspecified)

No auth needed

Prerequisites: Remote file hosting with malicious PHP code · Target server with allow_url_include enabled

MITRE ATT&CK