CVE-2006-5458

Hinton Design phpht Topsites < 1.0 - Remote File Inclusion via phpht_real_path Parameter

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5458. PoCs published by Mehmet Ince.

AI-analyzed exploit summary This exploit demonstrates a Remote File Include (RFI) vulnerability in phpht Topsites due to improper input validation of the 'phpht_real_path' parameter. An attacker can include arbitrary remote files by manipulating the parameter in the 'common.php' script.

Description

PHP remote file inclusion vulnerability in common.php in Hinton Design phpht Topsites allows remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mehmet Ince · textwebappsphp

https://www.exploit-db.com/exploits/2526

View Code ZIP pw:eip

This exploit demonstrates a Remote File Include (RFI) vulnerability in phpht Topsites due to improper input validation of the 'phpht_real_path' parameter. An attacker can include arbitrary remote files by manipulating the parameter in the 'common.php' script.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: phpht Topsites

No auth needed

Prerequisites: Remote file inclusion must be enabled on the target server · Attacker must be able to reach the target URL

MITRE ATT&CK