CVE-2006-1275

GGZ Gaming Zone 0.0.12 - Denial of Service via Malformed XML Input

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1275. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The exploit demonstrates a denial-of-service vulnerability in GGZ Gaming Zone due to improper input sanitization. It provides malformed XML payloads that can terminate a victim's connection to the server.

Description

GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of service (client disconnect) via inputs that produce malformed XML, including (1) trailing ' (apostrophe) character on the ID attribute in a PLAYER XML tag, (2) joining with a long ID attribute or non-trailing ' characters, which causes a <none> name to be assigned, and then disconnecting, or (3) a long CDATA message attribute, which prevents closing tags from being added to the string.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Luigi Auriemma · textdosmultiple

https://www.exploit-db.com/exploits/27421

View Code ZIP pw:eip

The exploit demonstrates a denial-of-service vulnerability in GGZ Gaming Zone due to improper input sanitization. It provides malformed XML payloads that can terminate a victim's connection to the server.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: GGZ Gaming Zone (version not specified)

No auth needed

Prerequisites: Network access to the GGZ Gaming Zone server

MITRE ATT&CK