CVE-2006-3683

flipper_poll < 1.1 - Remote File Inclusion via poll.php root_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3683. PoCs published by Mehmet Ince.

AI-analyzed exploit summary This is a writeup describing a remote file inclusion vulnerability in Flipper Poll v1.1.0 due to improper handling of the 'root_path' parameter in poll.php. The exploit suggests appending a malicious script path to the parameter to achieve remote code execution.

Description

PHP remote file inclusion vulnerability in poll.php in Flipper Poll 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Mehmet Ince · textwebappsphp

https://www.exploit-db.com/exploits/3253

View Code ZIP pw:eip

This is a writeup describing a remote file inclusion vulnerability in Flipper Poll v1.1.0 due to improper handling of the 'root_path' parameter in poll.php. The exploit suggests appending a malicious script path to the parameter to achieve remote code execution.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Flipper Poll v1.1.0

No auth needed

Prerequisites: Remote file inclusion must be enabled on the server · Attacker must be able to host a malicious script on a remote server

MITRE ATT&CK