CVE-2006-4654

Easy Address Book Web Server 1.2 - DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4654. PoCs published by Revnic Vasile.

AI-analyzed exploit summary The exploit describes a format-string vulnerability in Easy Address Book Web Server 1.2, where unsanitized user input is passed to a formatted-printing function, potentially allowing remote code execution. The provided example URL demonstrates the vulnerability but lacks executable PoC code.

Description

Format string vulnerability in Easy Address Book Web Server 1.2 allows remote attackers to cause a denial of service (crash) or "compromise the server" via encoded format string specifiers in the query string.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Revnic Vasile · textremotewindows

https://www.exploit-db.com/exploits/28489

View Code ZIP pw:eip

The exploit describes a format-string vulnerability in Easy Address Book Web Server 1.2, where unsanitized user input is passed to a formatted-printing function, potentially allowing remote code execution. The provided example URL demonstrates the vulnerability but lacks executable PoC code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Easy Address Book Web Server 1.2

No auth needed

Prerequisites: Network access to the target server · Vulnerable version of Easy Address Book Web Server

MITRE ATT&CK