CVE-2004-1871

PhotoPost PHP Pro 4.6.x - Cross-Site Scripting via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1871.

AI-analyzed exploit summary This is a detailed technical writeup describing multiple vulnerabilities in PhotoPost <= 4.6, including SQL injection, XSS, script injection, and DoS. It provides specific attack vectors and affected parameters but does not include functional exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (4) perpage, (5) sort, (6) page, (7) si, or (8) cat parameters to showmembers.php, or the (9) photo name, (10) photo description, (11) album name, or (12) album description fields.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/43808

View Code ZIP pw:eip

This is a detailed technical writeup describing multiple vulnerabilities in PhotoPost <= 4.6, including SQL injection, XSS, script injection, and DoS. It provides specific attack vectors and affected parameters but does not include functional exploit code.

Classification

Writeup 95%

Attack Type

Sqli | Xss | Dos

Complexity

Moderate

Reliability

Theoretical

Target: PhotoPost <= 4.6

No auth needed

Prerequisites: Access to vulnerable PhotoPost installation

MITRE ATT&CK