CVE-2006-4753

PHProg < 1.1 - Directory Traversal via Lang Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4753. PoCs published by cdg393.

AI-analyzed exploit summary The provided text describes a local file inclusion (LFI) vulnerability in PHProg 1.0, where insufficient sanitization of the 'lang' parameter allows attackers to include arbitrary files. The example demonstrates accessing BOOT.INI via directory traversal.

Description

Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by cdg393 · textwebappsphp

https://www.exploit-db.com/exploits/28511

View Code ZIP pw:eip

The provided text describes a local file inclusion (LFI) vulnerability in PHProg 1.0, where insufficient sanitization of the 'lang' parameter allows attackers to include arbitrary files. The example demonstrates accessing BOOT.INI via directory traversal.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: PHProg 1.0

No auth needed

Prerequisites: Access to the vulnerable PHProg application

MITRE ATT&CK