CVE-2006-2768

METAjour 2.1 - Remote File Inclusion via system_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2768. PoCs published by Kacper.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in metajour 2.1 by manipulating the 'system_path' parameter in multiple PHP scripts. The attacker can include arbitrary remote scripts, potentially leading to remote code execution.

Description

PHP remote file inclusion vulnerability in METAjour 2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) system_path parameter in a large number of files in the (a) app/edocument/, (b) app/eproject/, (c) app/erek/, and (d) extension/ directories, and the (2) GLOBALS[system_path] parameter in (e) extension/sitemap/sitemap.datatype.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kacper · textwebappsphp

https://www.exploit-db.com/exploits/1855

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in metajour 2.1 by manipulating the 'system_path' parameter in multiple PHP scripts. The attacker can include arbitrary remote scripts, potentially leading to remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: metajour 2.1

No auth needed

Prerequisites: Access to the target web application · Ability to host malicious scripts on a remote server

MITRE ATT&CK