CVE-2006-6487

DT Guestbook 1.0f - Cross-Site Scripting via Error Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6487. PoCs published by Jesper Jurcenoks.

AI-analyzed exploit summary The exploit describes a cross-site scripting (XSS) vulnerability in the 'dt_guestbook' program version 1.0f. The vulnerability arises due to insufficient input sanitization, allowing arbitrary script execution in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook (dt_guestbook) 1.0f, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the error[] parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Jesper Jurcenoks · textwebappsphp

https://www.exploit-db.com/exploits/29472

View Code ZIP pw:eip

The exploit describes a cross-site scripting (XSS) vulnerability in the 'dt_guestbook' program version 1.0f. The vulnerability arises due to insufficient input sanitization, allowing arbitrary script execution in the context of the affected site.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: dt_guestbook v1.0f

No auth needed

Prerequisites: Access to the vulnerable application

MITRE ATT&CK