CVE-2006-4113

PHP <4.2 - Remote Code Execution

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4113. PoCs published by Drago84.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in Hitweb 4.2 via the 'REP_INC' parameter in 'genpage-cgi.php'. The attacker can include a remote PHP shell by manipulating the parameter to point to a malicious URL.

Description

PHP remote file inclusion vulnerability in genpage-cgi.php in Brian Fraval hitweb 4.2 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the REP_INC parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Drago84 · textwebappsphp

https://www.exploit-db.com/exploits/2149

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in Hitweb 4.2 via the 'REP_INC' parameter in 'genpage-cgi.php'. The attacker can include a remote PHP shell by manipulating the parameter to point to a malicious URL.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Hitweb 4.2

No auth needed

Prerequisites: Remote PHP shell hosted on an attacker-controlled server · Network access to the vulnerable Hitweb instance

MITRE ATT&CK