CVE-2006-4373

pSlash 0.70 - Remote File Inclusion via lvc_include_dir Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4373. PoCs published by Mehmet Ince.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in pSlash v0.7 by manipulating the `lvc_include_dir` parameter to include arbitrary remote scripts. The vulnerability arises from insecure handling of user-supplied input in the `config.inc.php` file.

Description

PHP remote file inclusion vulnerability in modules/visitors2/include/config.inc.php in pSlash 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mehmet Ince · textwebappsphp

https://www.exploit-db.com/exploits/2249

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in pSlash v0.7 by manipulating the `lvc_include_dir` parameter to include arbitrary remote scripts. The vulnerability arises from insecure handling of user-supplied input in the `config.inc.php` file.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: pSlash v0.7

No auth needed

Prerequisites: Remote script hosting location · Network access to the target

MITRE ATT&CK