CVE-2006-3340

Pearl For Mambo 1.6 - Remote File Inclusion via phpbb_root_path and GlobalSettings[templatesDirectory] Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3340. PoCs published by Kw3[R]Ln.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in Pearl For Mambo <= 1.6 due to unsanitized input in the $GlobalSettings[templatesDirectory] variable when register_globals is enabled. The PoC provides multiple URLs to exploit the vulnerability by injecting malicious scripts.

Description

Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2) GlobalSettings[templatesDirectory] parameter in multiple files in the "includes" directory including (b) adminSensored.php, (c) adminBoards.php, (d) adminAttachments.php, (e) adminAvatars.php, (f) adminBackupdatabase.php, (g) adminBanned.php, (h) adminForums.php, (i) adminPolls.php, (j) adminSmileys.php, (k) poll.php, and (l) move.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kw3[R]Ln · textwebappsphp

https://www.exploit-db.com/exploits/1956

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in Pearl For Mambo <= 1.6 due to unsanitized input in the $GlobalSettings[templatesDirectory] variable when register_globals is enabled. The PoC provides multiple URLs to exploit the vulnerability by injecting malicious scripts.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Pearl For Mambo <= 1.6

No auth needed

Prerequisites: register_globals=on · access to vulnerable URLs

MITRE ATT&CK