CVE-2006-2928

CMS-Bandits 2.5 - Remote File Inclusion via spaw_root Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2928. PoCs published by Federico Fazzi.

AI-analyzed exploit summary This exploit demonstrates a remote file disclosure vulnerability in cms-bandits 2.5 by manipulating the 'spaw_root' parameter in two PHP scripts to include and execute arbitrary files.

Description

Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter in (1) dialogs/img.php and (2) dialogs/td.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Federico Fazzi · textwebappsphp

https://www.exploit-db.com/exploits/1890

View Code ZIP pw:eip

This exploit demonstrates a remote file disclosure vulnerability in cms-bandits 2.5 by manipulating the 'spaw_root' parameter in two PHP scripts to include and execute arbitrary files.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: cms-bandits 2.5

No auth needed

Prerequisites: access to the target web server

MITRE ATT&CK