CVE-2006-2868
Claroline 1.7.6 - Remote File Inclusion via includePath Cookie
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-2868. PoCs published by rgod.
AI-analyzed exploit summary
This exploit targets a remote command execution vulnerability in Claroline <= 1.7.6 by manipulating the 'includePath' parameter to include a malicious remote file. It requires specific PHP configurations (register_globals=On, allow_url_fopen=On) and a remote server hosting the payload.
Description
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to (1) auth/extauth/drivers/mambo.inc.php or (2) auth/extauth/drivers/postnuke.inc.php.