CVE-2006-3061
Published: 2006-06-19
Priority: P4 · 19 · low · CVSS 2.0: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
EXPLOIT · EPSS: 6.69% (93.1st percentile)
Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review allow remote attackers to inject arbitrary web script or HTML via the (1) sort parameter in index2.php, (2) item_id parameter in report.php, (3) search_term parameter (aka the "search box") in search_reviews.php, (4) the profile field in usercp/profile_edit1.php, and the (5) review field in review_form.php.
No detection rules found.
Exploit-DB
CactuShop 6.0 - Database Disclosure
exploitdb · 2009-12-26
CVE-2007-3061 CactuShop 6.0 - Database Disclosure
---
- Note: Forever RevengeHack.Com
- CactuShop v6 Database Disclosure Vulnerability
- Script: [ CactuShop v6 ]
- Language: [ ASP ]
- Download: [ http://www.aspindir.com/Goster/3114 ]
- Founder: [ LionTurk - [email protected] ]
- My Home: [ RevengeHack.com ]
- Note: Watch for my new exploits
###########################################################################
===[ Exploit And Dork ]===
- http://[target].com/[path]/database/cactushop6.mdb
- CactuShop v6 ASP Shopping Cart ©1999-2006 Cactusoft International FZ-LLC & Cactusoft Ltd. All rights reserved.
Exploit-DB
Five Star Review Script - 'index2.php?sort' Cross-Site Scripting
exploitdb · 2006-06-12
CVE-2006-3061 Five Star Review Script - 'index2.php?sort' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/18390/info
Five Star Review Script is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker can exploit these issues to run arbitrary HTML and script code in the browser of a victim in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks.
http://www.example.com/index2.php?pg=2&item_id=11&sort=review.id'>">'><"<"<"<"&order=DESC&PHPSESSID=91c137efddf8844a26f5c57a8ca2d57d
Exploit-DB
Five Star Review Script - 'report.php?item_id' Cross-Site Scripting
exploitdb · 2006-06-12
CVE-2006-3061 Five Star Review Script - 'report.php?item_id' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/18390/info
Five Star Review Script is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker can exploit these issues to run arbitrary HTML and script code in the browser of a victim in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks.
http://www.example.com/report.php?id=970&item_id=251'>">'><"<"<"<"
No writeups or analysis indexed.
References:
- http://secunia.com/advisories/20613
- http://securityreason.com/securityalert/1107
- http://www.osvdb.org/26496
- http://www.osvdb.org/26497
- http://www.osvdb.org/26498
- http://www.osvdb.org/26499
- http://www.securityfocus.com/archive/1/436771/100/0/threaded
- http://www.securityfocus.com/bid/18390
- http://www.vupen.com/english/advisories/2006/2346
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27188
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27189
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27190
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27192