CVE-2006-5302

Redaction System 1.0000 - Remote Code Execution via PHP File Inclusion

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5302. PoCs published by r0ut3r.

AI-analyzed exploit summary This exploit targets a remote file inclusion vulnerability in Redaction System 1.0000 by injecting a malicious shell URL via the 'lang_prefix' or 'lang' parameters. It allows remote command execution by leveraging a shell hosted on an attacker-controlled server.

Description

Multiple PHP remote file inclusion vulnerabilities in Redaction System 1.0000 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_prefix parameter to (a) conn.php, (b) sesscheck.php, (c) wap/conn.php, or (d) wap/sesscheck.php, or the (2) lang parameter to (e) index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by r0ut3r · perlwebappsphp

https://www.exploit-db.com/exploits/2534

View Code ZIP pw:eip

This exploit targets a remote file inclusion vulnerability in Redaction System 1.0000 by injecting a malicious shell URL via the 'lang_prefix' or 'lang' parameters. It allows remote command execution by leveraging a shell hosted on an attacker-controlled server.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Redaction System 1.0000

No auth needed

Prerequisites: Attacker-controlled server hosting a malicious shell script · Network access to the target system

MITRE ATT&CK