CVE-2006-1819

phpwebsite < 0.10.2 - Directory Traversal and Remote Code Execution via hub_dir Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1819. PoCs published by rgod.

AI-analyzed exploit summary This exploit targets PHPWebSite <= 0.10.2 by leveraging a local file inclusion vulnerability in the 'hub_dir' parameter to inject PHP code into log files, achieving remote command execution. It works when 'magic_quotes_gpc' is disabled.

Description

Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remote file inclusion could be performed under PHP 5 using an SMB share argument such as "\\systemname\sharename".

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1673

View Code ZIP pw:eip

This exploit targets PHPWebSite <= 0.10.2 by leveraging a local file inclusion vulnerability in the 'hub_dir' parameter to inject PHP code into log files, achieving remote command execution. It works when 'magic_quotes_gpc' is disabled.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: PHPWebSite <= 0.10.2

No auth needed

Prerequisites: PHPWebSite <= 0.10.2 · magic_quotes_gpc = Off · Write access to log files

MITRE ATT&CK