CVE-2006-1921

PHP Net Tools 2.7.1 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1921. PoCs published by FOX_MULDER.

AI-analyzed exploit summary This Perl script exploits a command injection vulnerability in PHP Net Tools by sending a crafted POST request to nettools.php with the 'host' parameter set to execute arbitrary commands via pipe (|). The exploit uses LWP to interact with the target and extracts the command output from the response.

Description

nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by FOX_MULDER · perlwebappsphp

https://www.exploit-db.com/exploits/1695

View Code ZIP pw:eip

This Perl script exploits a command injection vulnerability in PHP Net Tools by sending a crafted POST request to nettools.php with the 'host' parameter set to execute arbitrary commands via pipe (|). The exploit uses LWP to interact with the target and extracts the command output from the response.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: PHP Net Tools (version not specified)

No auth needed

Prerequisites: Target must have PHP Net Tools installed with vulnerable nettools.php accessible · Perl with LWP module installed

MITRE ATT&CK