CVE-2006-1701

Shadowed Portal < 5.7d2 - Cross-Site Scripting via Page Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1701. PoCs published by Liz0ziM.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Shadowed Portal by injecting malicious scripts via the 'page' parameter in the 'load.php' file. The PoC includes examples of stealing cookies and executing arbitrary JavaScript.

Description

Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote attackers to inject arbitrary web script or HTML via the page parameter to load.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Liz0ziM · textwebappsphp

https://www.exploit-db.com/exploits/27591

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Shadowed Portal by injecting malicious scripts via the 'page' parameter in the 'load.php' file. The PoC includes examples of stealing cookies and executing arbitrary JavaScript.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Shadowed Portal (all versions)

No auth needed

Prerequisites: Access to a vulnerable Shadowed Portal instance

MITRE ATT&CK