CVE-2006-6690
Typo3 <4.0.3, 3.7, 3.8, 4.1 beta - Authenticated Command Injection
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-6690. PoCs published by D. Fabian.
AI-analyzed exploit summary: This exploit leverages a command injection vulnerability in TYPO3's 'rtehtmlarea' extension by sending a maliciously crafted POST request to execute arbitrary system commands. The payload injects a command to create a file in /tmp, demonstrating the vulnerability.
Description
rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.