CVE-2005-1597

Invision Power Board <= 2.0.3 - Cross-Site Scripting via Highlite Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1597. PoCs published by GulfTech Security.

AI-analyzed exploit summary This is a detailed writeup describing SQL injection and XSS vulnerabilities in IP.Board versions <= 2.0.3. It explains the root cause, affected code, and potential exploitation methods but does not include functional exploit code.

Description

Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter.

Exploits (1)

exploitdb WRITEUP

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/43824

View Code ZIP pw:eip

This is a detailed writeup describing SQL injection and XSS vulnerabilities in IP.Board versions <= 2.0.3. It explains the root cause, affected code, and potential exploitation methods but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Moderate

Reliability

Theoretical

Target: Invision Power Board (IP.Board) <= 2.0.3

No auth needed

Prerequisites: Access to the target application · Ability to send crafted requests

MITRE ATT&CK