CVE-2006-2182

albinator <= 2.0.8 - Remote File Inclusion via Config_rootdir Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2182. PoCs published by webDEViL.

AI-analyzed exploit summary This exploit leverages a file inclusion vulnerability in Albinator to execute arbitrary commands via a remote shell. It sends HTTP requests with manipulated parameters to include and execute a malicious PHP shell.

Description

Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, (2) eshow.php, or (3) forgot.php in albinator 2.0.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Config_rootdir parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by webDEViL · perlwebappsphp

https://www.exploit-db.com/exploits/1744

View Code ZIP pw:eip

This exploit leverages a file inclusion vulnerability in Albinator to execute arbitrary commands via a remote shell. It sends HTTP requests with manipulated parameters to include and execute a malicious PHP shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Albinator (version not specified, likely <= 2.3.8 based on code comments)

No auth needed

Prerequisites: Target with Albinator installed and vulnerable to file inclusion · Remote command shell accessible via HTTP

MITRE ATT&CK