CVE-2006-0650
published 2006-02-13CVE-2006-0650: Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject…
PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
2.14%
79.8th percentile
Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a hex-encoded IFRAME tag.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cpaint | cpaint | — | — |
| cpaint | cpaint | — | — |
| cpaint | cpaint | — | — |
| cpaint | cpaint | — | — |
| cpaint | cpaint | — | — |
| cpaint | cpaint | — | — |
| cpaint | cpaint | — | — |
| cpaint | cpaint | — | — |
| cpaint | cpaint | — | — |
| cpaint | cpaint | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
ContentServ 4.x - '/admin/FileServer.php' File Disclosure
exploitdb·2006-12-01
CVE-2006-6277 ContentServ 4.x - '/admin/FileServer.php' File Disclosure
ContentServ 4.x - '/admin/FileServer.php' File Disclosure
---
ContentServ again (still) features remote reading of arbitrary files
ContentServ is a cms and "cross media publishing" software.
Let me quote from their website:
"At ContentServ, there is always something happening. We continously enhance our products and services.[...]"
Ok.
Now for the real fun remember:
http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0650.html
Still with me? Ok. Lets forget the sql injections for a moment, what if we try:
http://somesite/contentserv/4.2/admin/FileServer.php?src=../../../../../etc/passwd
# milw0rm.com [2006-12-01]
Exploit-DB
CPAINT 1.3/2.0.2 - 'TYPE.php' Cross-Site Scripting
exploitdb·2006-02-08
CVE-2006-0650 CPAINT 1.3/2.0.2 - 'TYPE.php' Cross-Site Scripting
CPAINT 1.3/2.0.2 - 'TYPE.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/16559/info
CPAINT is prone to a cross-site scripting vulnerability.
This issue affects the 'type.php' script and may facilitate the theft of cookie-based authentication credentials as well as other attacks.
CPAINT 2.0.2 and prior versions are affected.
http://www.example.com/examples/type/type.php?cpaint_response_type=%3Ciframe%20src=http://www.gulftech.org/%3E
No writeups or analysis indexed.
http://cpaint.booleansystems.com/forums/viewtopic.php?t=98http://secunia.com/advisories/18765http://securitytracker.com/id?1015608http://www.gulftech.org/?node=research&article_id=00097-02092006http://www.securityfocus.com/archive/1/424663/100/0/threadedhttp://www.securityfocus.com/bid/16559http://www.vupen.com/english/advisories/2006/0487https://exchange.xforce.ibmcloud.com/vulnerabilities/24594http://cpaint.booleansystems.com/forums/viewtopic.php?t=98http://secunia.com/advisories/18765http://securitytracker.com/id?1015608http://www.gulftech.org/?node=research&article_id=00097-02092006http://www.securityfocus.com/archive/1/424663/100/0/threadedhttp://www.securityfocus.com/bid/16559http://www.vupen.com/english/advisories/2006/0487https://exchange.xforce.ibmcloud.com/vulnerabilities/24594
2006-02-13
Published