CVE-2006-2842 PoC — Squirrelmail plugin.php PHP远程文件包含漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2006/CVE-2006-2842.yaml

Associated Vulnerability

Title:Squirrelmail plugin.php PHP远程文件包含漏洞 (CVE-2006-2842)
Description:SquirrelMail是一个多功能的用PHP4实现的Webmail程序，可运行于Linux/Unix类操作系统下。 Squirrelmail 1.4.6版本的functions/plugin.php文件中存在文件包含漏洞。远程攻击者可借助插件数组参数中的URL执行任意PHP代码。相关代码如下： if (isset($plugins) & & is_array($plugins)) { foreach ($plugins as $name) { use_plugin($name); } ... func

Description

SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.

File Snapshot


 id: CVE-2006-2842

info:
  name: Squirrelmail <=1.4.6 - Local File Inclusion
  author: dhiyaneshDk
 

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!