CVE-2006-6426
ThinkEdit < 1.9.2 - Remote File Inclusion via Template File Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-6426. PoCs published by r0ut3r.
AI-analyzed exploit summary: This exploit targets a remote file inclusion vulnerability in ThinkEdit 1.9.2 by injecting a remote shell via the 'template_file' parameter in 'render.php'. It first checks whether the target is vulnerable by testing whether arbitrary input is reflected, then allows command execution through a user-provided shell location.
Description
PHP remote file inclusion vulnerability in design/thinkedit/render.php in ThinkEdit 1.9.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the template_file parameter.