Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-2001. PoCs published by mayank.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Scry Gallery 1.1 due to improper input sanitization. The PoC provides a URL that injects arbitrary JavaScript code into the 'p' parameter, which executes in the context of the affected site.
Description
Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability than the directory traversal vector.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Scry Gallery 1.1 due to improper input sanitization. The PoC provides a URL that injects arbitrary JavaScript code into the 'p' parameter, which executes in the context of the affected site.