CVE-2007-6135
PHPSlideShow 0.9.9.2 - Cross-Site Scripting via Directory Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-6135. PoCs published by Jose Luis Gongora Fernandez.
AI-analyzed exploit summary: The exploit demonstrates a cross-site scripting (XSS) vulnerability in PHPSlideShow 0.9.9.2 by injecting malicious HTML/iframe/EMBED tags via the 'directory' parameter. The PoC shows how arbitrary script execution can occur in the context of the affected site.
Description
Cross-site scripting (XSS) vulnerability in phpslideshow.php in PHPSlideShow 0.9.9.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: this issue was originally reported for toonchapter8.php, but this is probably a site-specific name, since the PHPSlideShow distribution does not contain that file.
Exploits (1)
The exploit demonstrates a cross-site scripting (XSS) vulnerability in PHPSlideShow 0.9.9.2 by injecting malicious HTML/iframe/EMBED tags via the 'directory' parameter. The PoC shows how arbitrary script execution can occur in the context of the affected site.