CVE-2006-1749
phpListPro <= 2.01 - Remote Code Execution via config.php returnpath Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-1749.
AI-analyzed exploit summary: The exploit demonstrates a remote file inclusion vulnerability in phpListPro <= 2.01 by injecting a malicious URL into the 'returnpath' parameter, allowing arbitrary code execution. The provided URLs show how an attacker can include a remote script to execute commands like 'ls -laF'.
Description
PHP remote file inclusion vulnerability in config.php in phpListPro 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the returnpath parameter. NOTE: this issue was later reported to affect 2.01 as well.