CVE-2006-5715

Easy File Sharing (EFS) Easy Address Book 1.2 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5715. PoCs published by Greg Linares.

AI-analyzed exploit summary This exploit demonstrates an alternative data stream vulnerability in EFS Easy Address Book Web Server, allowing unauthorized file access via crafted HTTP GET requests. It retrieves sensitive files such as user credentials, RSA keys, and server configurations.

Description

Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Greg Linares · cremotewindows

https://www.exploit-db.com/exploits/2699

View Code ZIP pw:eip

This exploit demonstrates an alternative data stream vulnerability in EFS Easy Address Book Web Server, allowing unauthorized file access via crafted HTTP GET requests. It retrieves sensitive files such as user credentials, RSA keys, and server configurations.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: EFS Easy Address Book Web Server

No auth needed

Prerequisites: Network access to the target server · Target server running EFS Easy Address Book Web Server

MITRE ATT&CK