CVE-2006-2253

Statit 4 (060207) - Remote File Inclusion via statitpath Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2253. PoCs published by IGNOR3.

AI-analyzed exploit summary This exploit targets a remote file inclusion vulnerability in Statit V4, allowing an attacker to include a malicious PHP shell from a remote server and execute arbitrary commands. The script uses LWP::UserAgent to send crafted HTTP requests to the vulnerable endpoint.

Description

PHP remote file inclusion vulnerability in visible_count_inc.php in Statit 4 (060207) allows remote attackers to execute arbitrary PHP code via a URL in the statitpath parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by IGNOR3 · perlwebappsphp

https://www.exploit-db.com/exploits/1752

View Code ZIP pw:eip

This exploit targets a remote file inclusion vulnerability in Statit V4, allowing an attacker to include a malicious PHP shell from a remote server and execute arbitrary commands. The script uses LWP::UserAgent to send crafted HTTP requests to the vulnerable endpoint.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Statit V4

No auth needed

Prerequisites: Remote PHP shell accessible via HTTP · Vulnerable Statit V4 installation with exposed visible_count_inc.php

MITRE ATT&CK