CVE-2007-3364

MyServer 0.8.9 - Cross-Site Scripting via CGI Sample Page Body Content

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3364. PoCs published by Prili.

AI-analyzed exploit summary The exploit demonstrates a cross-site scripting (XSS) vulnerability in MyServer 0.8.9 by injecting a malicious script into the 'Post' parameter of the CGI endpoint. The lack of input sanitization allows arbitrary JavaScript execution in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in the cgi-bin/post.mscgi sample page in MyServer 0.8.9 allows remote attackers to inject arbitrary web script or HTML via the body content.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Prili · textremotemultiple

https://www.exploit-db.com/exploits/30222

View Code ZIP pw:eip

The exploit demonstrates a cross-site scripting (XSS) vulnerability in MyServer 0.8.9 by injecting a malicious script into the 'Post' parameter of the CGI endpoint. The lack of input sanitization allows arbitrary JavaScript execution in the context of the affected site.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: MyServer 0.8.9

No auth needed

Prerequisites: Access to the vulnerable CGI endpoint

MITRE ATT&CK