CVE-2006-1697

matt_wright_guestbook < 2.3.1 - Cross-Site Scripting via Your Name, E-Mail, or Comments Fields

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1697. PoCs published by Liz0ziM.

AI-analyzed exploit summary The provided code is a writeup describing multiple HTML-injection vulnerabilities in Guestbook software. It includes examples of XSS payloads but does not contain functional exploit code.

Description

Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Liz0ziM · textwebappscgi

https://www.exploit-db.com/exploits/27594

View Code ZIP pw:eip

The provided code is a writeup describing multiple HTML-injection vulnerabilities in Guestbook software. It includes examples of XSS payloads but does not contain functional exploit code.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: Guestbook (version not specified)

No auth needed

Prerequisites: Access to input fields vulnerable to HTML injection

MITRE ATT&CK