CVE-2006-2270

Jetbox CMS 2.1 - Remote File Inclusion via relative_script_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2270. PoCs published by beford.

AI-analyzed exploit summary This exploit leverages a remote file inclusion vulnerability in JetBox CMS by injecting a malicious URL into the 'relative_script_path' parameter, allowing arbitrary command execution via a remote shell. The script uses LWP::UserAgent to send crafted HTTP requests to include and execute a remote PHP shell.

Description

PHP remote file inclusion vulnerability in includes/config.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary code via a URL in the relative_script_path parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by beford · perlwebappsphp

https://www.exploit-db.com/exploits/1761

View Code ZIP pw:eip

This exploit leverages a remote file inclusion vulnerability in JetBox CMS by injecting a malicious URL into the 'relative_script_path' parameter, allowing arbitrary command execution via a remote shell. The script uses LWP::UserAgent to send crafted HTTP requests to include and execute a remote PHP shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: JetBox CMS (version not specified, but uses vulnerable phpdig)

No auth needed

Prerequisites: Remote PHP shell accessible via URL · Network access to the target JetBox CMS instance

MITRE ATT&CK