CVE-2006-4369

IntegraMOD Portal 2.x and earlier - Absolute Path Traversal via phpbb_root_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4369. PoCs published by nukedx.

AI-analyzed exploit summary This exploit targets a remote command execution vulnerability in Integramod Portal <= 2.x by manipulating the `phpbb_root_path` cookie to include a malicious PHP shell. It establishes a connection to the target and allows arbitrary command execution via HTTP POST requests.

Description

Absolute path traversal vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via an absolute pathname in the phpbb_root_path parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by nukedx · perlwebappsphp

https://www.exploit-db.com/exploits/2250

View Code ZIP pw:eip

This exploit targets a remote command execution vulnerability in Integramod Portal <= 2.x by manipulating the `phpbb_root_path` cookie to include a malicious PHP shell. It establishes a connection to the target and allows arbitrary command execution via HTTP POST requests.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Integramod Portal <= 2.x

No auth needed

Prerequisites: Target must be running Integramod Portal <= 2.x · PHP shell must be accessible via the provided URL

MITRE ATT&CK