CVE-2006-6567

mxBB kb_mods - Remote File Inclusion via module_root_path Parameter

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6567. PoCs published by 3l3ctric-Cracker.

AI-analyzed exploit summary The exploit demonstrates a Remote File Inclusion (RFI) and Local File Inclusion (LFI) vulnerability in the 'knowledgebase' software version 2.0.2. The vulnerability arises from unsanitized variables like 'phpEx' and 'module_root_path' in the 'includes/common.php' file, allowing arbitrary file inclusion.

Description

PHP remote file inclusion vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by 3l3ctric-Cracker · textwebappsphp

https://www.exploit-db.com/exploits/2924

View Code ZIP pw:eip

The exploit demonstrates a Remote File Inclusion (RFI) and Local File Inclusion (LFI) vulnerability in the 'knowledgebase' software version 2.0.2. The vulnerability arises from unsanitized variables like 'phpEx' and 'module_root_path' in the 'includes/common.php' file, allowing arbitrary file inclusion.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: knowledgebase 2.0.2

No auth needed

Prerequisites: Access to the target URL · Knowledge of the vulnerable file paths

MITRE ATT&CK