CVE-2006-3568

Fantastic Guestbook 2.0.1 - Cross-Site Scripting via First Name, Last Name, or Nickname Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3568. PoCs published by omnipresent.

AI-analyzed exploit summary The provided text describes an XSS vulnerability in Fantastic GuestBook due to insufficient input sanitization. It explains how an attacker can inject malicious scripts into form fields, which execute when the guestbook page is loaded.

Description

Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Fantastic Guestbook 2.0.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) nickname parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED

by omnipresent · textwebappsphp

https://www.exploit-db.com/exploits/28206

View Code ZIP pw:eip

The provided text describes an XSS vulnerability in Fantastic GuestBook due to insufficient input sanitization. It explains how an attacker can inject malicious scripts into form fields, which execute when the guestbook page is loaded.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Fantastic GuestBook (version not specified)

No auth needed

Prerequisites: Access to the guestbook sign-in form

MITRE ATT&CK