CVE-2007-3189

Just For Fun Network Management System 0.8.3 - Cross-Site Scripting via User Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3189. PoCs published by Tim Brown.

AI-analyzed exploit summary: The provided text describes multiple vulnerabilities in JFFNMS, including XSS, SQL injection, and information disclosure, but does not contain functional exploit code. It references a SecurityFocus BID and outlines potential attack vectors without technical implementation details.

Description

Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Tim Brown · text · webapps · php
https://www.exploit-db.com/exploits/30172

Classification: Writeup 80%
Attack Type: XSS | SQLi | Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: Just For Fun Network Management and Monitoring System (JFFNMS) versions prior to 0.8.4-pre3
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1374
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/471039/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26769
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24414
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25587
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=118151087109711&w=2

Scores

EPSS 0.0397
EPSS Percentile 89.1%

Details

Status published
Products (1)
jffnms/just_for_fun_network_management_system 0.8.3
Published Jun 12, 2007
Tracked Since Feb 18, 2026