CVE-2003-1347
Geeklog 1.3.7 - Cross-Site Scripting via cid, uid, or Homepage Field
Title source: llmExploitation Summary
EIP tracks 4 public exploits for CVE-2003-1347. PoCs published by snooq.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Geeklog's 'users.php' script due to insufficient input sanitization. An attacker can craft a malicious URL containing script code, which executes in the context of a victim's browser when visited.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field.
Exploits (4)
The provided text describes a cross-site scripting (XSS) vulnerability in Geeklog's 'users.php' script due to insufficient input sanitization. An attacker can craft a malicious URL containing script code, which executes in the context of a victim's browser when visited.
The provided text describes a cross-site scripting (XSS) vulnerability in Geeklog's 'profiles.php' script due to insufficient input sanitization. It includes example URLs demonstrating how an attacker could inject malicious script code via URI parameters.
This exploit demonstrates an HTML injection vulnerability in Geeklog's user account 'Homepage' field, allowing arbitrary script execution in the context of the victim's browser. The provided payload triggers a JavaScript alert with the document cookie when the mouse hovers over the injected link.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Geeklog's comment.php script due to insufficient input sanitization. An attacker can craft a malicious URL containing JavaScript code, which executes in the context of a victim's browser when visited.