CVE-2006-1916

dbbs < 2.0-alpha - Cross-Site Scripting via ulocation or uhobbies Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1916. PoCs published by rgod.

AI-analyzed exploit summary The exploit demonstrates command execution and XSS vulnerabilities in DbbS due to improper input sanitization. It includes example URLs to execute arbitrary commands and inject JavaScript.

Description

Multiple cross-site scripting (XSS) vulnerabilities in profile.php in DbbS 2.0-alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ulocation or (2) uhobbies parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · textwebappsphp

https://www.exploit-db.com/exploits/27663

View Code ZIP pw:eip

The exploit demonstrates command execution and XSS vulnerabilities in DbbS due to improper input sanitization. It includes example URLs to execute arbitrary commands and inject JavaScript.

Classification

Working Poc 90%

Attack Type

Rce | Xss

Complexity

Trivial

Reliability

Reliable

Target: DbbS (version not specified)

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/17559

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/25923

Exploit, Vendor Advisory mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/431117

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/771

Scores

EPSS 0.0193

EPSS Percentile 77.4%

Details

Status published

Products (2)

dbbs/dbbs 2.0

dbbs/dbbs < 2.0-alpha

Published Apr 20, 2006

Tracked Since Feb 18, 2026