CVE-2006-4877

David Bennett PHP-Post <1.0 - Variable Overwrite

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4877. PoCs published by HACKERS PAL.

AI-analyzed exploit summary This exploit leverages a SQL injection vulnerability in PHP-Post to write a malicious PHP file to the target server, enabling remote command execution. It constructs a UNION-based SQL query to inject PHP code into an OUTFILE, creating a backdoor shell.

Description

Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by HACKERS PAL · phpwebappsphp

https://www.exploit-db.com/exploits/28591

View Code ZIP pw:eip

This exploit leverages a SQL injection vulnerability in PHP-Post to write a malicious PHP file to the target server, enabling remote command execution. It constructs a UNION-based SQL query to inject PHP code into an OUTFILE, creating a backdoor shell.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: PHP-Post (version not specified)

No auth needed

Prerequisites: Target must have PHP-Post installed with vulnerable configuration · Target must allow file writes via SQL OUTFILE

MITRE ATT&CK