CVE-2006-1573

MediaSlash Gallery - Remote File Inclusion via rub Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1573. PoCs published by Morocco Security Team.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in MediaSlash Gallery due to improper input sanitization. An attacker can exploit this to execute arbitrary PHP code by including a remote file via the 'rub' parameter.

Description

PHP remote file inclusion vulnerability in index.php in MediaSlash Gallery allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter (part of the $page_menu variable).

Exploits (1)

exploitdb WRITEUP VERIFIED

by Morocco Security Team · textwebappsphp

https://www.exploit-db.com/exploits/27534

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in MediaSlash Gallery due to improper input sanitization. An attacker can exploit this to execute arbitrary PHP code by including a remote file via the 'rub' parameter.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: MediaSlash Gallery (version not specified)

No auth needed

Prerequisites: Access to the vulnerable application · Ability to host a malicious PHP file on a remote server

MITRE ATT&CK