CVE-2006-5670

Free Image Hosting < 1.0 - Remote File Inclusion via AD_BODY_TEMP Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5670. PoCs published by Kacper.

AI-analyzed exploit summary This exploit targets a remote file inclusion vulnerability in Free Image Hosting <= 1.0 via the 'forgot_pass.php' script. It allows an attacker to include a remote shell script and execute arbitrary commands by manipulating the 'AD_BODY_TEMP' parameter.

Description

PHP remote file inclusion vulnerability in forgot_pass.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kacper · phpwebappsphp

https://www.exploit-db.com/exploits/2669

View Code ZIP pw:eip

This exploit targets a remote file inclusion vulnerability in Free Image Hosting <= 1.0 via the 'forgot_pass.php' script. It allows an attacker to include a remote shell script and execute arbitrary commands by manipulating the 'AD_BODY_TEMP' parameter.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Free Image Hosting <= 1.0

No auth needed

Prerequisites: Network access to the target server · Remote shell script hosted on an attacker-controlled server

MITRE ATT&CK