Exploit for SquirrelMail <=1.4.6 - Local File Inclusion (CVE-2006-2842)

Description:

SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.

Nuclei Template

View the template here: CVE-2006-2842.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2006/CVE-2006-2842.yaml

References:

http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE
https://nvd.nist.gov/vuln/detail/CVE-2006-2842
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
http://www.squirrelmail.org/security/issue/2006-06-01
https://www.exploit-db.com/exploits/27948