CVE-2002-0948

Scripts For Educators MakeBook <2.2 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0948. PoCs published by b0iler.

AI-analyzed exploit summary The exploit demonstrates HTML and SSI injection vulnerabilities in MakeBook guestbook software due to insufficient input sanitization. It provides examples of arbitrary HTML and Server-Side Includes (SSI) injection, which could lead to XSS or command execution depending on the server configuration.

Description

Scripts For Educators MakeBook 2.2 CGI program allows remote attackers to execute script as other visitors, or execute server-side includes (SSI) as the web server, via the (1) Name or (2) Email parameters, which are not properly filtered.

Exploits (1)

exploitdb WRITEUP VERIFIED

by b0iler · textwebappscgi

https://www.exploit-db.com/exploits/21535

View Code ZIP pw:eip

The exploit demonstrates HTML and SSI injection vulnerabilities in MakeBook guestbook software due to insufficient input sanitization. It provides examples of arbitrary HTML and Server-Side Includes (SSI) injection, which could lead to XSS or command execution depending on the server configuration.

Classification

Writeup 90%

Attack Type

Xss | Other

Complexity

Trivial

Reliability

Theoretical

Target: MakeBook guestbook software

No auth needed

Prerequisites: Access to the guestbook form

MITRE ATT&CK