CVE-2006-2744

F@cile Interactive Web <0.8.6 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2744.

AI-analyzed exploit summary The exploit demonstrates multiple remote vulnerabilities in F@cile Interactive Web <= 0.8x, including file inclusion, cross-site scripting (XSS), and information disclosure. It provides direct URLs to exploit these vulnerabilities, such as arbitrary file inclusion via null byte injection and XSS through theme parameters.

Description

PHP remote file inclusion vulnerability in p-popupgallery.php in F@cile Interactive Web 0.8.41 through 0.8.5 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/1841

View Code ZIP pw:eip

The exploit demonstrates multiple remote vulnerabilities in F@cile Interactive Web <= 0.8x, including file inclusion, cross-site scripting (XSS), and information disclosure. It provides direct URLs to exploit these vulnerabilities, such as arbitrary file inclusion via null byte injection and XSS through theme parameters.

Classification

Working Poc 95%

Attack Type

Info Leak | Xss | Other

Complexity

Trivial

Reliability

Reliable

Target: F@cile Interactive Web <= 0.8x

No auth needed

Prerequisites: Network access to the target web application

MITRE ATT&CK