CVE-2006-0136

Chimera Web Portal System 0.2 - Cross-Site Scripting via Guestbook Module Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0136. PoCs published by Aliaksandr Hartsuyeu.

AI-analyzed exploit summary The provided text describes multiple input validation vulnerabilities in Chimera Web Portal, including XSS and SQL injection, but does not contain actual exploit code. It outlines vulnerable parameters in a guestbook module.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the guestbook module in modules.php in Phanatic Softwares Chimera Web Portal System 0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) comment_poster, (2) comment_poster_email, (3) comment_poster_homepage, and (4) comment_text parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Aliaksandr Hartsuyeu · textwebappsphp

https://www.exploit-db.com/exploits/27016

View Code ZIP pw:eip

The provided text describes multiple input validation vulnerabilities in Chimera Web Portal, including XSS and SQL injection, but does not contain actual exploit code. It outlines vulnerable parameters in a guestbook module.

Classification

Writeup 90%

Attack Type

Xss | Sqli

Complexity

Trivial

Reliability

Theoretical

Target: Chimera Web Portal (version unspecified)

No auth needed

Prerequisites: Access to the vulnerable guestbook module

MITRE ATT&CK