CVE-2006-3069

DoubleSpeak 0.1 - Remote File Inclusion via config[private] Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3069. PoCs published by R@1D3N.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in DoubleSpeak versions 0.1 and prior, where unsanitized user input allows arbitrary remote file inclusion and execution of malicious PHP code. The example URLs demonstrate how an attacker could exploit this to execute system commands.

Description

PHP remote file inclusion vulnerability in DoubleSpeak 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the config[private] parameter in multiple files, as demonstrated by (1) index.php, (2) faq.php, and (3) hardware.php. NOTE: this issue has been disputed by multiple third-party researchers, who state that config[private] is initialized in an include file before being used

Exploits (1)

exploitdb WRITEUP VERIFIED

by R@1D3N · textwebappsphp

https://www.exploit-db.com/exploits/28016

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in DoubleSpeak versions 0.1 and prior, where unsanitized user input allows arbitrary remote file inclusion and execution of malicious PHP code. The example URLs demonstrate how an attacker could exploit this to execute system commands.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: DoubleSpeak 0.1 and prior

No auth needed

Prerequisites: Network access to the target application · Ability to host a malicious file on a remote server

MITRE ATT&CK