Cheng Peng Su

9 exploits Active since Feb 2004
EIP-2026-118812 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 5 - Shell: IFrame Cross-Zone Scripting (1)
EIP-2026-118842 EXPLOITDB text WORKING POC
Microsoft Internet Explorer 6 - window.open Media Bar Cross-Zone Scripting
CVE-2003-0816 EXPLOITDB html WORKING POC
Internet Explorer 6 SP1 - Auth Bypass
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
EIP-2026-118813 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 5 - Shell: IFrame Cross-Zone Scripting (2)
CVE-2004-1827 EXPLOITDB text WORKING POC
Simple Machines Smf - XSS
Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags.
CVE-2004-0620 EXPLOITDB html WORKING POC
vBulletin 3.0.1 - XSS
Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject arbitrary HTML or script as other users via the Edit-panel.
CVE-2004-1996 EXPLOITDB text WRITEUP
Simple Machines Smf - XSS
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag.
CVE-2004-0319 EXPLOITDB text WORKING POC
Ezboard - XSS
Cross-site scripting (XSS) vulnerability in the font tag in ezBoard 7.3u allows remote attackers to execute arbitrary script as other users, as demonstrated using the background:url in a (1) font color or (2) font face argument.
CVE-2004-0254 EXPLOITDB text WORKING POC
Crosscom Olicom Discuz - XSS
Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag.