CVE-2006-5426

LoCal Calendar System 1.1 - Remote File Inclusion via LIBDIR Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5426. PoCs published by o0xxdark0o.

AI-analyzed exploit summary This exploit targets a remote file inclusion vulnerability in LoCal Calendar System v1.1 by manipulating the LIBDIR parameter in lcUser.php to include arbitrary remote files. The PoC demonstrates how an attacker can execute remote code by injecting a malicious URL.

Description

PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal Calendar System 1.1 remote attackers to execute arbitrary PHP code via a URL in the LIBDIR parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by o0xxdark0o · textwebappsphp

https://www.exploit-db.com/exploits/2595

View Code ZIP pw:eip

This exploit targets a remote file inclusion vulnerability in LoCal Calendar System v1.1 by manipulating the LIBDIR parameter in lcUser.php to include arbitrary remote files. The PoC demonstrates how an attacker can execute remote code by injecting a malicious URL.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: LoCal Calendar System v1.1

No auth needed

Prerequisites: Remote file inclusion must be enabled on the target server · Attacker-controlled server hosting malicious file

MITRE ATT&CK