CVE-2006-7156

Keyword Replacer < 1.0 - Remote File Inclusion via pathToFiles Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-7156. PoCs published by Kw3[R]Ln.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in miniBB keyword_replacer <= 1.0 due to unsanitized user input in the $pathToFiles variable when register_globals is enabled. An attacker can inject a malicious PHP script via the pathToFiles parameter to achieve remote code execution.

Description

PHP remote file inclusion vulnerability in addon_keywords.php in Keyword Replacer (keyword_replacer) 1.0 and earlier, a module for miniBB, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kw3[R]Ln · textwebappsphp

https://www.exploit-db.com/exploits/2528

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in miniBB keyword_replacer <= 1.0 due to unsanitized user input in the $pathToFiles variable when register_globals is enabled. An attacker can inject a malicious PHP script via the pathToFiles parameter to achieve remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: miniBB keyword_replacer <= 1.0

No auth needed

Prerequisites: register_globals=on · remote file inclusion allowed

MITRE ATT&CK