CVE-2006-5250

blueshoes_framework < 4.6_public - Remote File Inclusion via APP[path][lib] Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5250. PoCs published by k1tk4t.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in BlueShoes Framework 4.6. The vulnerability arises from insufficient sanitization of user-supplied data in the 'APP[path][lib]' parameter, allowing an attacker to include remote files and potentially execute arbitrary code.

Description

PHP remote file inclusion vulnerability in lib/googlesearch/GoogleSearch.php in BlueShoes 4.6_public and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APP[path][lib] parameter, a different vector than CVE-2006-2864.

Exploits (1)

exploitdb WORKING POC VERIFIED

by k1tk4t · textwebappsphp

https://www.exploit-db.com/exploits/28781

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in BlueShoes Framework 4.6. The vulnerability arises from insufficient sanitization of user-supplied data in the 'APP[path][lib]' parameter, allowing an attacker to include remote files and potentially execute arbitrary code.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: BlueShoes Framework 4.6

No auth needed

Prerequisites: Network access to the target application · Ability to host a malicious file on a remote server

MITRE ATT&CK