CVE-2006-5315

registroTL main.php - Remote File Inclusion Code Execution

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5315. PoCs published by DarkFig.

AI-analyzed exploit summary This is a writeup describing a file inclusion vulnerability in the 'registroTL' PHP script, where the 'page' parameter is used unsafely in an include statement, allowing remote file inclusion and source disclosure. The writeup provides examples of exploitation but does not include functional exploit code.

Description

PHP remote file inclusion vulnerability in main.php in registroTL allows remote attackers to execute arbitrary PHP code via an ftp:// URL in the page parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by DarkFig · textwebappsphp

https://www.exploit-db.com/exploits/2502

View Code ZIP pw:eip

This is a writeup describing a file inclusion vulnerability in the 'registroTL' PHP script, where the 'page' parameter is used unsafely in an include statement, allowing remote file inclusion and source disclosure. The writeup provides examples of exploitation but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: registroTL (version not specified)

No auth needed

Prerequisites: vulnerable version of registroTL · ability to send crafted HTTP requests to the target

MITRE ATT&CK