Exploitation Summary
EIP tracks 3 public exploits for CVE-2007-1606. PoCs published by laurent gaffie.
AI-analyzed exploit summary: This exploit demonstrates a cross-site scripting (XSS) vulnerability in w-Agora 4.2.1 by injecting a malicious script into the search.php URL parameters. The script executes arbitrary JavaScript, potentially stealing cookie-based authentication credentials.
Description
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, (2) the search_forum or (3) search_user parameter to search.php, or (4) the userid parameter to change_password.php.
Exploits (3)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in w-Agora 4.2.1 by injecting a malicious script into the search.php URL parameters. The script executes arbitrary JavaScript, potentially stealing cookie-based authentication credentials.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in w-Agora 4.2.1 due to insufficient input sanitization. The PoC injects a script tag into the 'showuser' parameter to steal cookie-based authentication credentials.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in w-Agora 4.2.1 by injecting a malicious script into the 'userid' parameter of the change_password.php page. The PoC triggers an alert with the document.cookie value, showing that injected script can read cookie-based authentication credentials.