CVE-2007-1714

CcCounter 2.0 - Cross-Site Scripting via dir Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1714. PoCs published by Crackers_Child.

AI-analyzed exploit summary The exploit describes a cross-site scripting (XSS) vulnerability in CcCounter 2.0 due to improper input sanitization. The provided URL demonstrates how an attacker can inject arbitrary JavaScript code via the 'dir' parameter.

Description

Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 allows remote attackers to inject arbitrary web script or HTML via dir parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Crackers_Child · textwebappsphp

https://www.exploit-db.com/exploits/29776

View Code ZIP pw:eip

The exploit describes a cross-site scripting (XSS) vulnerability in CcCounter 2.0 due to improper input sanitization. The provided URL demonstrates how an attacker can inject arbitrary JavaScript code via the 'dir' parameter.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: CcCounter 2.0

No auth needed

Prerequisites: Access to a vulnerable CcCounter instance

MITRE ATT&CK