CVE-2006-2653

D-Link DSA-3100 AirSpot Gateway - Cross-Site Scripting via login_error.shtml uname Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2653. PoCs published by Jaime Blasco.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in the D-Link Airspot DSA-3100 Gateway device. The vulnerability arises from insufficient input sanitization, allowing arbitrary script execution in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jaime Blasco · textremotehardware

https://www.exploit-db.com/exploits/27923

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in the D-Link Airspot DSA-3100 Gateway device. The vulnerability arises from insufficient input sanitization, allowing arbitrary script execution in the context of the affected site.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: D-Link Airspot DSA-3100 Gateway

No auth needed

Prerequisites: Access to the vulnerable endpoint · User interaction to trigger the payload

MITRE ATT&CK