CVE-2006-5085

Blog Pixel Motion 2.1.1 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5085.

AI-analyzed exploit summary This Perl script exploits a PHP code execution vulnerability in Blog Pixel Motion V2.1.1 via the 'nom_blog' parameter in config.php, allowing arbitrary command execution. It also includes functionality to create an admin account via SQL injection in insere_base.php.

Description

Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nom_blog parameter, which is injected into include/variables.php.

Exploits (1)

exploitdb WORKING POC

perlwebappsphp

https://www.exploit-db.com/exploits/2441

View Code ZIP pw:eip

This Perl script exploits a PHP code execution vulnerability in Blog Pixel Motion V2.1.1 via the 'nom_blog' parameter in config.php, allowing arbitrary command execution. It also includes functionality to create an admin account via SQL injection in insere_base.php.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Blog Pixel Motion V2.1.1

No auth needed

Prerequisites: Network access to the target · Perl environment with LWP::UserAgent and HTTP::Request::Common modules

MITRE ATT&CK