CVE-2006-4630

Sky GUNNING MySpeach <= 3.0.2 - Remote File Inclusion via my_ms[root] Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4630. PoCs published by SHiKaA.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in MySpeach <= v3.0.2 via the 'my_ms[root]' parameter in jscript.php. The attacker can include a remote shell by manipulating the parameter to point to a malicious URL.

Description

PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING MySpeach 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SHiKaA · textwebappsphp

https://www.exploit-db.com/exploits/2301

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in MySpeach <= v3.0.2 via the 'my_ms[root]' parameter in jscript.php. The attacker can include a remote shell by manipulating the parameter to point to a malicious URL.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: MySpeach <= v3.0.2

No auth needed

Prerequisites: Target application must have allow_url_include enabled in PHP configuration · Attacker must know the path to the vulnerable script

MITRE ATT&CK