CVE-2006-4608

Longino Jacome php-Revista 1.1.2 - Cross-Site Scripting via cadena or email Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4608. PoCs published by SirDarckCat.

AI-analyzed exploit summary This is a writeup detailing multiple vulnerabilities in Revista 1.1.2, including Remote File Inclusion, SQL Injection, Credentials Bypass, and XSS. It provides URLs for exploitation but lacks executable code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cadena parameter in busqueda.php and the (2) email parameter in lista.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by SirDarckCat · textwebappsphp

https://www.exploit-db.com/exploits/8425

View Code ZIP pw:eip

This is a writeup detailing multiple vulnerabilities in Revista 1.1.2, including Remote File Inclusion, SQL Injection, Credentials Bypass, and XSS. It provides URLs for exploitation but lacks executable code.

Classification

Writeup 90%

Attack Type

Sqli | Xss | Auth Bypass | Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: Revista 1.1.2

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK