Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-4878. PoCs published by Kacper.
AI-analyzed exploit summary
This exploit targets a file upload vulnerability in PHP-Post <= 1.01, allowing remote code execution by uploading a malicious GIF file containing PHP code and then triggering its execution via a path traversal in the template parameter.
Description
Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read and include arbitrary local files via a .. (dot dot) sequence in the template parameter. NOTE: this was later reported to affect 1.0.1, and demonstrated for code execution by uploading and accessing an avatar file.