CVE-2004-2720

Snitz Forums 2000 < 3.4.04 - Cross-Site Scripting via Email Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2720. PoCs published by anonymous.

AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in Snitz Forums 3.3.03 via the 'register.asp' endpoint, allowing remote command execution through the 'xp_cmdshell' function. The exploit sends a crafted POST request with malicious input in the 'Email' parameter.

Description

Cross-site scripting (XSS) vulnerability in register.asp in Snitz Forums 2000 3.4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via javascript events in the Email parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by anonymous · perlremotewindows

https://www.exploit-db.com/exploits/30

View Code ZIP pw:eip

This Perl script exploits a SQL injection vulnerability in Snitz Forums 3.3.03 via the 'register.asp' endpoint, allowing remote command execution through the 'xp_cmdshell' function. The exploit sends a crafted POST request with malicious input in the 'Email' parameter.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Snitz Forums 3.3.03

No auth needed

Prerequisites: Network access to the target web server · Snitz Forums 3.3.03 with exposed 'register.asp' endpoint

MITRE ATT&CK