CVE-2006-5305

lat2cyr < 1.0.1 - Remote File Inclusion via phpbb_root_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5305. PoCs published by Nima Salehi.

AI-analyzed exploit summary This exploit targets a Remote File Include (RFI) vulnerability in phpBB lat2cyr 1.0.1 by injecting a remote shell script via the 'phpbb_root_path' parameter. It establishes a TCP connection to the target and sends crafted HTTP requests to execute arbitrary commands.

Description

PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr 1.0.1 and earlier phpbb module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nima Salehi · perlwebappsphp

https://www.exploit-db.com/exploits/2546

View Code ZIP pw:eip

This exploit targets a Remote File Include (RFI) vulnerability in phpBB lat2cyr 1.0.1 by injecting a remote shell script via the 'phpbb_root_path' parameter. It establishes a TCP connection to the target and sends crafted HTTP requests to execute arbitrary commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: phpBB lat2cyr <= 1.0.1

No auth needed

Prerequisites: Remote shell script hosted on an attacker-controlled server · Network access to the target web server

MITRE ATT&CK