CVE-2006-2181

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-2181. PoCs published by r0t.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Albinator, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code via the 'preloadSlideShow' parameter.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to dlisting.php or (2) preloadSlideShow parameter to showpic.php.

Exploits (2)

exploitdb WRITEUP VERIFIED

by r0t · textwebappsphp

https://www.exploit-db.com/exploits/27811

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in Albinator, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code via the 'preloadSlideShow' parameter.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: Albinator (version not specified)

No auth needed

Prerequisites: Access to a vulnerable Albinator instance · Ability to craft a malicious URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →