Exploitation Summary
EIP tracks 1 public exploit for CVE-2004-2017. PoCs published by Kaloyan Olegov Georgiev.
AI-analyzed exploit summary This exploit demonstrates multiple XSS and HTML injection vulnerabilities in TurboTrafficTrader C by injecting malicious scripts via URL parameters, HTTP headers, and user input fields. The PoC includes examples of crafted URLs, environment variables, and raw HTTP requests to trigger the vulnerabilities.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic Trader C (TTT-C) 1.0 allow remote attackers to inject arbitrary HTML or web script, as demonstrated via (1) the link parameter to ttt-out, (2) the X-Forwarded-For header in a GET request to ttt-in, (3) the Referer header in a GET request to ttt-in, or the (4) site name or (5) site URL fields in the main control panel.
Exploits (1)
This exploit demonstrates multiple XSS and HTML injection vulnerabilities in TurboTrafficTrader C by injecting malicious scripts via URL parameters, HTTP headers, and user input fields. The PoC includes examples of crafted URLs, environment variables, and raw HTTP requests to trigger the vulnerabilities.