CVE-2004-2670

eNdonesia 8.3 - Cross-Site Scripting via mod or query Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2670. PoCs published by Ahmad Muammar.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in eNdonesia 8.3, where the 'mod.php' script fails to sanitize user input in the 'query' parameter. An attacker can craft a malicious URL to execute arbitrary JavaScript in the context of a victim's browser.

Description

Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) the query parameter in a search operation in the publisher module.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Ahmad Muammar · textwebappsphp

https://www.exploit-db.com/exploits/24348

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in eNdonesia 8.3, where the 'mod.php' script fails to sanitize user input in the 'query' parameter. An attacker can craft a malicious URL to execute arbitrary JavaScript in the context of a victim's browser.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: eNdonesia 8.3

No auth needed

Prerequisites: Victim must click on a malicious link

MITRE ATT&CK