CVE-2006-1831

sysinfo 1.21 - Remote Code Execution via Name Parameter in systemdoc Action

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1831. PoCs published by rgod.

AI-analyzed exploit summary This PHP script exploits a command injection vulnerability in sysinfo.cgi v1.21 by sending crafted HTTP requests to execute arbitrary commands. It first retrieves the document root via a debug action, then writes a PHP shell to the target, and finally executes commands through the shell.

Description

Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in the name parameter in a systemdoc action, which is injected into phpinfo.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappscgi

https://www.exploit-db.com/exploits/1677

View Code ZIP pw:eip

This PHP script exploits a command injection vulnerability in sysinfo.cgi v1.21 by sending crafted HTTP requests to execute arbitrary commands. It first retrieves the document root via a debug action, then writes a PHP shell to the target, and finally executes commands through the shell.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: sysinfo.cgi v1.21

No auth needed

Prerequisites: Target must have sysinfo.cgi v1.21 installed and accessible · Target must allow outbound HTTP connections to the attacker

MITRE ATT&CK