CVE-2005-3638

ekinboard 1.0.3 - Cross-Site Scripting via Profile ID Parameter and Post Titles

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3638. PoCs published by trueend5.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Ekinboard due to improper input sanitization. The provided URL injects arbitrary JavaScript code via an IFRAME, which executes in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts.

Exploits (1)

exploitdb WORKING POC VERIFIED

by trueend5 · textwebappsphp

https://www.exploit-db.com/exploits/26516

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Ekinboard due to improper input sanitization. The provided URL injects arbitrary JavaScript code via an IFRAME, which executes in the context of the affected site.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Ekinboard (version not specified)

No auth needed

Prerequisites: Access to a vulnerable Ekinboard instance · User interaction to visit the crafted URL

MITRE ATT&CK