CVE-2006-5510

PH Pexplorer < 0.24 - Directory Traversal via Language Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5510. PoCs published by Kacper.

AI-analyzed exploit summary This exploit targets a file inclusion vulnerability in PH Pexplorer <= 0.24 via the 'Language' cookie parameter. It uploads a malicious GIF file containing PHP code and triggers its execution by manipulating the cookie value to include the uploaded file.

Description

Directory traversal vulnerability in explorer_load_lang.php in PH Pexplorer 0.24 allows remote attackers to include arbitrary local files via ".." sequences in the Language cookie, as demonstrated by uploading a .gif file that contains PHP code.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kacper · phpwebappsphp

https://www.exploit-db.com/exploits/2598

View Code ZIP pw:eip

This exploit targets a file inclusion vulnerability in PH Pexplorer <= 0.24 via the 'Language' cookie parameter. It uploads a malicious GIF file containing PHP code and triggers its execution by manipulating the cookie value to include the uploaded file.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: PH Pexplorer <= 0.24

No auth needed

Prerequisites: Target server running PH Pexplorer <= 0.24 · Ability to upload files to the server

MITRE ATT&CK