CVE-2007-3212

Beehive Forum 0.7.1 - Cross-Site Scripting via links.php Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3212. PoCs published by Ory Segal.

AI-analyzed exploit summary This exploit demonstrates multiple XSS vulnerabilities in Beehive Forum 0.71 by injecting arbitrary JavaScript via unsanitized input parameters in the 'links.php' endpoint. The PoC uses script tags to trigger an alert, proving the vulnerability.

Description

Multiple cross-site scripting (XSS) vulnerabilities in links.php in Beehive Forum 0.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewmode, (2) fid, and (3) sort_dir parameters, different vectors than CVE-2005-4460.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ory Segal · textwebappsphp

https://www.exploit-db.com/exploits/30170

View Code ZIP pw:eip

This exploit demonstrates multiple XSS vulnerabilities in Beehive Forum 0.71 by injecting arbitrary JavaScript via unsanitized input parameters in the 'links.php' endpoint. The PoC uses script tags to trigger an alert, proving the vulnerability.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Beehive Forum 0.71

No auth needed

Prerequisites: Access to the target Beehive Forum instance

MITRE ATT&CK