CVE-2006-5317

eboli - Remote File Inclusion via index.php contentSpecial Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5317. PoCs published by DarkFig.

AI-analyzed exploit summary This is a writeup describing a file inclusion vulnerability in the 'eboli' PHP script, where user-controlled input via $_GET['contentSpecial'] is passed directly to an include statement, allowing for remote file inclusion or source disclosure. The writeup includes a proof-of-concept URL demonstrating the vulnerability.

Description

PHP remote file inclusion vulnerability in index.php in eboli allows remote attackers to execute arbitrary PHP code via a URL in the contentSpecial parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by DarkFig · textwebappsphp

https://www.exploit-db.com/exploits/2504

View Code ZIP pw:eip

This is a writeup describing a file inclusion vulnerability in the 'eboli' PHP script, where user-controlled input via $_GET['contentSpecial'] is passed directly to an include statement, allowing for remote file inclusion or source disclosure. The writeup includes a proof-of-concept URL demonstrating the vulnerability.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: eboli (version not specified)

No auth needed

Prerequisites: PHP configuration allowing remote file inclusion (e.g., allow_url_fopen and allow_url_include enabled)

MITRE ATT&CK