Vulnerabilities > CVE-2006-6871 - Scripts Multiple Input Validation vulnerability in Endonesia 8.4
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) the intypeid parameter in a showinfo operation in the informasi module in mod.php, (3) the "your Friend" field in friend.php, or (4) the "Main Text" field in admin.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | eNdonesia 8.4 (mod.php/friend.php/admin.php) Multiple Vulnerabilities. CVE-2006-6871,CVE-2006-6872,CVE-2006-6873. Webapps exploit for php platform |
file | exploits/php/webapps/3004.txt |
id | EDB-ID:3004 |
last seen | 2016-01-31 |
modified | 2006-12-25 |
platform | php |
port | |
published | 2006-12-25 |
reporter | z1ckX(ru) |
source | https://www.exploit-db.com/download/3004/ |
title | eNdonesia 8.4 mod.php/friend.php/admin.php Multiple Vulnerabilities |
type | webapps |