CVE-2006-1120
DCP-Portal <= 6.1.1 - Cross-Site Scripting via Multiple Parameters
Title source: llmExploitation Summary
EIP tracks 6 public exploits for CVE-2006-1120. PoCs published by Nenad Jovanovic.
AI-analyzed exploit summary This exploit demonstrates multiple XSS vulnerabilities in DCP Portal by injecting malicious scripts into various parameters of the 'mycontents.php' file. The scripts redirect the user's cookies to an attacker-controlled server.
Description
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of (a) index.php; (3) subject, and (4) images parameters to (b) calendar.php; (5) bid, (6) replying_msg, (7) subject, (8) body, and (9) mid parameters to (c) forums.php; (10) subject and (11) message parameters to (d) inbox.php; (12) subject_color and (13) email parameters to (e) lostpassword.php; and the (14) c_name, (15) content_inicial, and (16) cid parameters to (f) mycontents.php. NOTE: the calendar.php/day vector is already subsumed by CVE-2006-0220, and the calendar.php/month, calendar.php/year, and search.php/q parameters for calendar.php are already subsumed by CVE-2004-2511.
Exploits (6)
This exploit demonstrates multiple XSS vulnerabilities in DCP Portal by injecting malicious scripts into various parameters of the 'mycontents.php' file. The scripts redirect the user's cookies to an attacker-controlled server.
This exploit demonstrates multiple XSS vulnerabilities in DCP Portal by injecting malicious scripts via the 'subject_color' and 'email' parameters in the lostpassword.php page. The scripts redirect users to a malicious site to steal cookies.
This exploit demonstrates multiple XSS vulnerabilities in DCP Portal by injecting malicious JavaScript via the 'its_url' and 'url' parameters. The PoC redirects the victim's browser to a malicious site while exfiltrating cookie data.
This exploit demonstrates multiple XSS vulnerabilities in DCP Portal by injecting malicious JavaScript into form inputs, which can steal cookies when executed in a victim's browser.
This exploit demonstrates multiple XSS vulnerabilities in DCP Portal by injecting malicious scripts into various input fields, leading to cookie theft. The PoC includes both GET and POST-based attack vectors.
This exploit demonstrates multiple XSS vulnerabilities in DCP Portal's calendar.php by injecting malicious scripts via unsanitized parameters like subject_color, images, day, and year. The scripts redirect users to a malicious site to steal cookies.