CVE-2005-3515

chipmunk_topsites - Cross-Site Scripting via recommend.php ID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3515. PoCs published by Alireza Hassani.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Chipmunk products by injecting malicious JavaScript via the 'ID' parameter in the 'recommend.php' script. The payload uses an IFRAME with a JavaScript URI to trigger an alert, proving arbitrary script execution.

Description

Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Topsites script allows remote attackers to inject arbitrary web script or HTML via the ID parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Alireza Hassani · textwebappsphp

https://www.exploit-db.com/exploits/26380

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Chipmunk products by injecting malicious JavaScript via the 'ID' parameter in the 'recommend.php' script. The payload uses an IFRAME with a JavaScript URI to trigger an alert, proving arbitrary script execution.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Chipmunk products (version unspecified)

No auth needed

Prerequisites: Access to the vulnerable 'recommend.php' endpoint

MITRE ATT&CK