CVE-2006-6773

Fishyshoop 0.930 beta - Unauthenticated Arbitrary Admin User Creation via is_admin Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6773. PoCs published by James Gray.

AI-analyzed exploit summary: This exploit abuses the insecure registration process in Fishyshoop to create an admin account by submitting the registration POST request directly with 'is_admin=1' in the form data, which bypasses proper authentication checks.

Description

pages/register/register.php in Fishyshoop 0.930 beta allows remote attackers to create arbitrary administrative users by setting the is_admin HTTP POST parameter to 1.

Exploits (1)

exploitdb WORKING POC VERIFIED
by James Gray · perl · webapps · php
https://www.exploit-db.com/exploits/3011


Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Fishyshoop (version unspecified)
No auth needed
Prerequisites: Access to the Fishyshoop registration endpoint · Perl with WWW::Curl::Easy module installed
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/455260/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2077
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21731
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23490
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/5182

Scores

EPSS 0.0243
EPSS Percentile 82.1%

Details

Status published
Products (1)
fishyshoop/fishyshoop 0.930_beta
Published Dec 27, 2006
Tracked Since Feb 18, 2026