Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-1688. PoCs published by uid0.
AI-analyzed exploit summary This Perl script exploits a remote file inclusion vulnerability in SQuery <= 4.5 by injecting a malicious PHP shell via the 'libpath' parameter in 'armygame.php'. It allows remote command execution by fetching and executing arbitrary code from an attacker-controlled server.
Description
Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including (1) ase.php, (2) devi.php, (3) doom3.php, (4) et.php, (5) flashpoint.php, (6) gameSpy.php, (7) gameSpy2.php, (8) gore.php, (9) gsvari.php, (10) halo.php, (11) hlife.php, (12) hlife2.php, (13) igi2.php, (14) main.lib.php, (15) netpanzer.php, (16) old_hlife.php, (17) pkill.php, (18) q2a.php, (19) q3a.php, (20) qworld.php, (21) rene.php, (22) rvbshld.php, (23) savage.php, (24) simracer.php, (25) sof1.php, (26) sof2.php, (27) unreal.php, (28) ut2004.php, and (29) vietcong.php. NOTE: the lib/armygame.php vector is already covered by CVE-2006-1610. The provenance of most of these additional vectors is unknown, although likely from post-disclosure analysis. NOTE: this only occurs when register_globals is disabled.
Exploits (1)
This Perl script exploits a remote file inclusion vulnerability in SQuery <= 4.5 by injecting a malicious PHP shell via the 'libpath' parameter in 'armygame.php'. It allows remote command execution by fetching and executing arbitrary code from an attacker-controlled server.