CVE-2006-2121

i-rater Platinum - Remote File Inclusion via include_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2121. PoCs published by O.U.T.L.A.W.

AI-analyzed exploit summary This exploit leverages a remote file inclusion vulnerability in I-RATER Platinum by injecting a malicious PHP file via the 'include_path' parameter. It allows remote command execution by writing a PHP shell to a remote server and executing arbitrary commands.

Description

PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter. NOTE: this is a different vector, and possibly a different vulnerability, than CVE-2006-1929.

Exploits (1)

exploitdb WORKING POC VERIFIED

by O.U.T.L.A.W · phpwebappsphp

https://www.exploit-db.com/exploits/27763

View Code ZIP pw:eip

This exploit leverages a remote file inclusion vulnerability in I-RATER Platinum by injecting a malicious PHP file via the 'include_path' parameter. It allows remote command execution by writing a PHP shell to a remote server and executing arbitrary commands.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: I-RATER Platinum

No auth needed

Prerequisites: Remote file inclusion vulnerability in I-RATER Platinum · Ability to host a malicious PHP file on a remote server

MITRE ATT&CK