CVE-2006-1776

simplog < 0.9.2 - Remote File Inclusion via s Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1776. PoCs published by rgod.

AI-analyzed exploit summary This exploit leverages a file inclusion vulnerability in Simplog <= 0.9.2 by injecting a remote URL via the 's' parameter, leading to remote command execution. The script sends a crafted HTTP request with the malicious payload embedded in cookies.

Description

PHP remote file inclusion vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the s parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1663

View Code ZIP pw:eip

This exploit leverages a file inclusion vulnerability in Simplog <= 0.9.2 by injecting a remote URL via the 's' parameter, leading to remote command execution. The script sends a crafted HTTP request with the malicious payload embedded in cookies.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Simplog <= 0.9.2

No auth needed

Prerequisites: allow_url_fopen enabled on the target server · remote server hosting the malicious PHP code

MITRE ATT&CK