CVE-2006-6453

J-OWAMP Web Interface 2.1 - Authenticated Remote File Inclusion via JOWAMP_ShowPage.php Link Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6453. PoCs published by 3l3ctric-Cracker.

AI-analyzed exploit summary This Perl script exploits a remote file inclusion vulnerability in Jowamp WebInterface v2.1 by sending crafted HTTP requests to include a remote shell script and execute arbitrary commands. It requires user authentication and leverages LWP::UserAgent for HTTP interactions.

Description

PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in J-OWAMP Web Interface 2.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the link parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by 3l3ctric-Cracker · perlwebappsphp

https://www.exploit-db.com/exploits/2895

View Code ZIP pw:eip

This Perl script exploits a remote file inclusion vulnerability in Jowamp WebInterface v2.1 by sending crafted HTTP requests to include a remote shell script and execute arbitrary commands. It requires user authentication and leverages LWP::UserAgent for HTTP interactions.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Jowamp WebInterface v2.1

Auth required

Prerequisites: Target must be running Jowamp WebInterface v2.1 · Attacker must have a valid user account on the target · Remote shell script must be accessible via HTTP

MITRE ATT&CK

T1189 - Drive-by Compromise T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →