CVE-2006-5505
2BGal 3.0 - Remote PHP File Inclusion via Lang Parameter
Title source: manual
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-5505. PoCs published by Kw3[R]Ln.
AI-analyzed exploit summary: This exploit targets a file inclusion vulnerability in 2BGal 3.0 by injecting PHP code into Apache log files and then including the log file via the vulnerable parameter. It provides a remote command execution shell.
Description
Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote attackers to execute arbitrary PHP code via the lang parameter to (1) admin/configuration.inc.php, (2) admin/creer_album.inc.php, (3) admin/changepwd.php.inc, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
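A defender-side check for the pattern described above, as an added example that is not part of the original entry or of 2BGal: it scans Apache combined-format access-log lines for PHP open tags stored in logged fields and for lang values on the three listed scripts that are not a plain language token. The sample log lines, the /2bgal/ install path, and the rule that a valid lang value is a short alphabetic token are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Scripts named in the CVE description; other affected files are unspecified.
AFFECTED = ("admin/configuration.inc.php", "admin/creer_album.inc.php",
            "admin/changepwd.php.inc")
# Assumption: a legitimate lang value is a short token such as "english".
SAFE_LANG = re.compile(r"[A-Za-z_-]{1,16}")
# Apache combined format: host ident user [time] "request" status bytes "referer" "agent"
FIELD = r'"((?:[^"\\]|\\.)*)"'
LINE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] ' + FIELD + r' \d{3} \S+ ' + FIELD + ' ' + FIELD)

def classify(line):
    """Return (client, findings) for one access-log line."""
    m = LINE.match(line)
    if not m:
        return None, ["unparsed"]
    client, request, referer, agent = m.groups()
    findings = []
    # A PHP open tag stored in a logged field is the log-poisoning step.
    if any("<?" in unquote(f) for f in (request, referer, agent)):
        findings.append("php-tag-in-log")
    parts = request.split(" ")
    if len(parts) >= 2:
        url = urlsplit(parts[1])
        if unquote(url.path).endswith(AFFECTED):
            # parse_qs percent-decodes, so encoded separators are checked too.
            values = parse_qs(url.query, keep_blank_values=True).get("lang", [])
            if any(not SAFE_LANG.fullmatch(v) for v in values):
                findings.append("lang-not-a-language-token")
    return client, findings

def scan(lines):
    """Return [(line_number, client, findings)] for every flagged line."""
    results = ((n, *classify(line)) for n, line in enumerate(lines, 1))
    return [r for r in results if r[2]]

# Constructed sample lines (documentation addresses, made-up paths and values).
SAMPLE = [
    '198.51.100.7 - - [10/Oct/2006:13:55:36 +0000] "GET /2bgal/index.php HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2006:13:55:40 +0000] "GET /2bgal/admin/configuration.inc.php?lang=english HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2006:14:02:11 +0000] "GET /2bgal/ HTTP/1.1" 200 2326 "-" "<?php /* constructed placeholder */ ?>"',
    '203.0.113.9 - - [10/Oct/2006:14:02:15 +0000] "GET /2bgal/admin/creer_album.inc.php?lang=../../logs/access_log HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

A client that appears under both findings in sequence, as 203.0.113.9 does in the sample, matches the two-step pattern in the exploit summary and is the case to triage first.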