CVE-2006-6925
bitweaver <= 1.3.1 - Stored Cross-Site Scripting via Article Title, Blog Post Title, or Wiki Description
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-6925. PoCs published by laurent gaffie.
AI-analyzed exploit summary: The provided text describes SQL injection and XSS vulnerabilities in Bitweaver 1.3.1 and prior versions due to insufficient input sanitization. It references a retired BID and includes a sample exploit URL for demonstration.
Description
Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php.