CVE-2006-3927

PhpProBid 5.24 - Cross-Site Scripting via auctionsearch.php advsrc Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3927. PoCs published by EllipSiS Security.

AI-analyzed exploit summary The provided text describes a vulnerability in PHP Pro Bid version 5.24, specifically mentioning XSS and SQL injection due to improper input sanitization. It includes a sample XSS payload but lacks executable exploit code.

Description

Cross-site scripting (XSS) vulnerability in auctionsearch.php in PhpProBid 5.24 allows remote attackers to inject arbitrary web script or HTML via the advsrc parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by EllipSiS Security · textwebappsphp

https://www.exploit-db.com/exploits/28274

View Code ZIP pw:eip

The provided text describes a vulnerability in PHP Pro Bid version 5.24, specifically mentioning XSS and SQL injection due to improper input sanitization. It includes a sample XSS payload but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: PHP Pro Bid 5.24

No auth needed

Prerequisites: Access to the vulnerable auctionsearch.php endpoint

MITRE ATT&CK