Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-3105. PoCs published by rgod.
AI-analyzed exploit summary
This exploit targets a file upload vulnerability in bitweaver <= v1.3, allowing remote code execution by uploading a malicious file with a double extension (e.g., suntzu.php.xxx) to the temp/articles/ directory. The exploit leverages a race condition to execute commands before the temporary file is deleted.
Description
CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers to conduct HTTP response splitting attacks via CRLF sequences in multiple unspecified parameters that are injected into HTTP headers, as demonstrated by the BWSESSION parameter in index.php.