CVE-2006-6819

AlstraSoft Web Host Directory - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6819.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in AlstraSoft Web Host Directory v1.2, including insecure cookie handling for authentication bypass, arbitrary database backup download, and SQL injection for authentication bypass. It provides clear, functional steps to exploit these issues.

Description

AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for admin/backup/db.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/7116

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in AlstraSoft Web Host Directory v1.2, including insecure cookie handling for authentication bypass, arbitrary database backup download, and SQL injection for authentication bypass. It provides clear, functional steps to exploit these issues.

Classification

Working Poc 90%

Attack Type

Auth Bypass | Sqli | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: AlstraSoft Web Host Directory v1.2

No auth needed

Prerequisites: Access to the target web application · JavaScript execution in the victim's browser for cookie manipulation

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1078 - Valid Accounts

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/455352/100/0/threaded

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23500

Scores

EPSS 0.0182

EPSS Percentile 75.9%

Details

Status published

Products (1)

alstrasoft/webhost_directory

Published Dec 29, 2006

Tracked Since Feb 18, 2026