CVE-2005-2674

Land Down Under 800 - Cross-Site Scripting via c, m, or w Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-2674. PoCs published by bl2k.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Land Down Under by injecting arbitrary JavaScript code via the 'w' parameter in the journal.php URL. The PoC uses a simple alert dialog to confirm the vulnerability.

Description

Note: the vendor has disputed this issue. Multiple cross-site scripting (XSS) vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to inject arbitrary web script or HTML via the (1) c or (2) m parameters to index.php or (3) w parameter to journal.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected.

Exploits (2)

exploitdb WORKING POC VERIFIED
by bl2k · textwebappsphp
https://www.exploit-db.com/exploits/26181

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Land Down Under by injecting arbitrary JavaScript code via the 'w' parameter in the journal.php URL. The PoC uses a simple alert dialog to confirm the vulnerability.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Land Down Under (version not specified)
No auth needed
Prerequisites: Access to the vulnerable web application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by bl2k · textwebappsphp
https://www.exploit-db.com/exploits/26182

This exploit demonstrates multiple cross-site scripting (XSS) vulnerabilities in Land Down Under by injecting arbitrary script code via unsanitized input parameters. The PoC provides example URLs with malicious payloads.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Land Down Under (version not specified)
No auth needed
Prerequisites: Access to the vulnerable web application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112456235729717&w=2
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1014747
Various Sources x_refsource_misc
http://www.neocrome.net
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14619

Scores

EPSS 0.0177
EPSS Percentile 75.2%

Details

Status published
Products (1)
neocrome/land_down_under 800
Published Aug 23, 2005
Tracked Since Feb 18, 2026