Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-2745.
AI-analyzed exploit summary: The exploit demonstrates multiple remote vulnerabilities in F@cile Interactive Web <= 0.8x, including file inclusion, XSS, and information disclosure. It provides direct URLs to exploit these vulnerabilities, such as arbitrary file reads via null byte injection and path traversal.
Description
Multiple PHP remote file inclusion vulnerabilities in F@cile Interactive Web 0.8.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathfile parameter in (a) p-editpage.php and (b) p-editbox.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao.