CVE-2006-3102
bitweaver 1.3 - Remote Code Execution via Double Extension File Upload
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-3102. PoCs published by rgod.
AI-analyzed exploit summary: This exploit targets a file upload vulnerability in bitweaver <= v1.3, allowing remote code execution by uploading a malicious file with a double extension (e.g., suntzu.php.xxx) to the temp/articles/ directory. The exploit leverages a race condition to execute commands before the temporary file is deleted.
Description
Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.