CVE-2006-0974

bttlxeforum 2.0 - Cross-Site Scripting via failure.asp err_txt Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0974. PoCs published by rUnViRuS.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Battleaxe Software's bttlxeForum due to improper input sanitization. The PoC shows how arbitrary script code can be executed in the context of the affected site via a crafted URL.

Description

Cross-site scripting (XSS) vulnerability in failure.asp in Battleaxe bttlxeForum 2.0 allows remote attackers to inject arbitrary web script or HTML via the err_txt parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rUnViRuS · textwebappsasp

https://www.exploit-db.com/exploits/27310

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Battleaxe Software's bttlxeForum due to improper input sanitization. The PoC shows how arbitrary script code can be executed in the context of the affected site via a crafted URL.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Battleaxe Software's bttlxeForum

No auth needed

Prerequisites: Access to the target application's URL

MITRE ATT&CK