CVE-2005-0650

ProjectBB 0.4.5.1 - Cross-Site Scripting via Multiple Input Fields

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0650. PoCs published by benji lemien.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in ProjectBB, where user-supplied input is not properly sanitized. An attacker can craft a malicious link to execute arbitrary script code in the context of a user's browser session.

Description

Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) the pages parameter to divers.php (incorrectly referred to as "drivers.php" by some sources), (2) in the search feature text area, (3) forum name, (4) site name or (5) the maximum avatar size in the option section, (5) new category or (6) new forum fields in the forum section.

Exploits (1)

exploitdb WRITEUP VERIFIED

by benji lemien · textwebappsphp

https://www.exploit-db.com/exploits/25183

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in ProjectBB, where user-supplied input is not properly sanitized. An attacker can craft a malicious link to execute arbitrary script code in the context of a user's browser session.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: ProjectBB (version not specified)

No auth needed

Prerequisites: Victim must click on a malicious link

MITRE ATT&CK