CVE-2006-5516

WikiNi - Cross-Site Scripting via Name and Email Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5516. PoCs published by Raphael Huck.

AI-analyzed exploit summary This exploit demonstrates an XSS vulnerability in WikiNi versions prior to 0.4.4 by injecting arbitrary script code into the 'name' and 'email' parameters of a login form. The PoC uses a simple HTML form to trigger the vulnerability when submitted.

Description

Multiple cross-site scripting (XSS) vulnerabilities in actions/usersettings.php in WikiNi before 0.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters to wakka.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Raphael Huck · htmlwebappsphp

https://www.exploit-db.com/exploits/28846

View Code ZIP pw:eip

This exploit demonstrates an XSS vulnerability in WikiNi versions prior to 0.4.4 by injecting arbitrary script code into the 'name' and 'email' parameters of a login form. The PoC uses a simple HTML form to trigger the vulnerability when submitted.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: WikiNi < 0.4.4

No auth needed

Prerequisites: Access to the target WikiNi instance

MITRE ATT&CK