CVE-2006-5764

Free File Hosting < 1.1 - Remote Code Execution via AD_BODY_TEMP Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5764. PoCs published by IbnuSina.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in Free File Hosting version 1.1, where insufficient sanitization of user-supplied data allows an attacker to include remote files via the 'AD_BODY_TEMP' parameter in contact.php. This is a writeup rather than a functional exploit.

Description

PHP remote file inclusion vulnerability in contact.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue was later reported for the "File Upload System" which is a component of Free File Hosting.

Exploits (1)

exploitdb WRITEUP VERIFIED

by IbnuSina · textwebappsphp

https://www.exploit-db.com/exploits/29772

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in Free File Hosting version 1.1, where insufficient sanitization of user-supplied data allows an attacker to include remote files via the 'AD_BODY_TEMP' parameter in contact.php. This is a writeup rather than a functional exploit.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Free File Hosting 1.1

No auth needed

Prerequisites: Access to the vulnerable contact.php endpoint · Ability to host a malicious file on a remote server

MITRE ATT&CK