CVE-2006-4824

Quicksilver Forums < 1.2.1 - Remote File Inclusion via set[include_path] Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4824. PoCs published by mdx.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Quicksilver Forums versions 1.2.0 and 1.2.1. The vulnerability arises due to improper handling of the 'set[include_path]' parameter in 'activeutil.php', allowing an attacker to include and execute remote malicious scripts.

Description

PHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by mdx · textwebappsphp

https://www.exploit-db.com/exploits/2356

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Quicksilver Forums versions 1.2.0 and 1.2.1. The vulnerability arises due to improper handling of the 'set[include_path]' parameter in 'activeutil.php', allowing an attacker to include and execute remote malicious scripts.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Quicksilver Forums v1.2.0, v1.2.1

No auth needed

Prerequisites: Remote script hosting · Network access to the target

MITRE ATT&CK