CVE-2006-0650
CPAINT < 2.0.3 - Cross-Site Scripting via cpaint_response_type Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-0650. PoCs published by GulfTech Security.
AI-analyzed exploit summary: A cross-site scripting (XSS) vulnerability in CPAINT 2.0.2 and prior versions, specifically in the 'type.php' script, allows an attacker to inject malicious scripts via the 'cpaint_response_type' parameter.
Description
Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a hex-encoded IFRAME tag.