CVE-2006-3042

ISPConfig 2.2.3 - Remote File Inclusion via go_info Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3042. PoCs published by Federico Fazzi.

AI-analyzed exploit summary The provided text describes multiple remote file inclusion vulnerabilities in ISPConfig 2.2.3 due to improper input sanitization. It lists URLs where an attacker can inject arbitrary PHP code via the 'go_info' parameter.

Description

Multiple PHP remote file inclusion vulnerabilities in ISPConfig 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) go_info[isp][classes_root] parameter in (a) server.inc.php, and the (2) go_info[server][classes_root] parameter in (b) app.inc.php, (c) login.php, and (d) trylogin.php. NOTE: this issue has been disputed by the vendor, who states that the original researcher "reviewed the installation tarball that is not identical with the resulting system after installtion. The file, where the $go_info array is declared ... is created by the installer.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Federico Fazzi · textwebappsphp

https://www.exploit-db.com/exploits/28027

View Code ZIP pw:eip

The provided text describes multiple remote file inclusion vulnerabilities in ISPConfig 2.2.3 due to improper input sanitization. It lists URLs where an attacker can inject arbitrary PHP code via the 'go_info' parameter.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: ISPConfig 2.2.3

No auth needed

Prerequisites: Access to vulnerable ISPConfig installation · Ability to host malicious PHP code on a remote server

MITRE ATT&CK