CVE-2006-0758

HiveMail <= 1.3 - Cross-Site Scripting via PHP_SELF Variable

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0758. PoCs published by GulfTech Security.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in HiveMail, including PHP code execution, XSS, and SQL injection, but does not contain actual exploit code. It includes a sample XSS payload.

Description

Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the $_SERVER['PHP_SELF'] variable.

Exploits (1)

exploitdb WRITEUP VERIFIED

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/27186

View Code ZIP pw:eip

The provided text describes multiple vulnerabilities in HiveMail, including PHP code execution, XSS, and SQL injection, but does not contain actual exploit code. It includes a sample XSS payload.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: HiveMail (version not specified)

No auth needed

Prerequisites: Access to the vulnerable HiveMail application

MITRE ATT&CK