CVE-2006-7042

chipmunk_directory - Cross-Site Scripting via Start Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-7042. PoCs published by black-code.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Chipmunk Directory due to improper input sanitization. The example URL demonstrates how an attacker could inject arbitrary script code via the 'start' parameter.

Description

Cross-site scripting (XSS) vulnerability in directory/index.php in Chipmunk directory allows remote attackers to inject arbitrary web script or HTML via the start parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by black-code · textwebappsphp

https://www.exploit-db.com/exploits/27909

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in Chipmunk Directory due to improper input sanitization. The example URL demonstrates how an attacker could inject arbitrary script code via the 'start' parameter.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: Chipmunk Directory (version not specified)

No auth needed

Prerequisites: Access to a vulnerable instance of Chipmunk Directory · Ability to craft a malicious URL with XSS payload

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/18119

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/435381/30/4770/threaded

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/2288

Scores

EPSS 0.0169

EPSS Percentile 74.1%

Details

Status published

Products (1)

chipmunk_scripts/chipmunk_directory

Published Feb 24, 2007

Tracked Since Feb 18, 2026