CVE-2007-6700

OpenBSD 4.1 - Cross-Site Scripting via BGPD Web Interface cmd Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6700. PoCs published by Anton Karpov.

AI-analyzed exploit summary: This exploit demonstrates a cross-site scripting (XSS) vulnerability in OpenBSD's bgplg CGI application by injecting a malicious script into the 'cmd' parameter. The vulnerability arises due to insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web interface for the BGPD daemon in OpenBSD 4.1 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Anton Karpov · text · webapps · cgi
https://www.exploit-db.com/exploits/31081


Classification: Working PoC (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: OpenBSD bgplg (shipped with OpenBSD 4.1)
No auth needed
Prerequisites: Access to the vulnerable CGI endpoint
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019288
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/487369/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/487350/100/0/threaded
Patch third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28726
Mailing List mailing-list x_refsource_mlist
http://www.mail-archive.com/misc%40openbsd.org/msg49057.html
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27535

Scores

EPSS 0.0456
EPSS Percentile 89.3%

Details

CWE: CWE-79
Status: published
Products (1)
openbsd/openbsd 4.1
Published Feb 05, 2008
Tracked Since Feb 18, 2026