CVE-2006-4796

Snitz Forums 2000 3.4.06 - Cross-Site Scripting via Sortorder Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4796. PoCs published by ajann.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Snitz Forums 2000 due to insufficient sanitization of user-supplied input in the 'sortorder' parameter. The PoC injects a script tag that triggers an alert dialog, proving the vulnerability.

Description

Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter (strtopicsortord variable).

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · textwebappsasp

https://www.exploit-db.com/exploits/28566

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Snitz Forums 2000 due to insufficient sanitization of user-supplied input in the 'sortorder' parameter. The PoC injects a script tag that triggers an alert dialog, proving the vulnerability.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Snitz Forums 2000 version 3.4.06

No auth needed

Prerequisites: Access to the vulnerable forum page

MITRE ATT&CK