source: http://www.securityfocus.com/bid/20232/info
MKPortal is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
MKPortal 1.1 R1 and previous versions are vulnerable; other versions may also be affected.
http://www.example.com/mkportal/include/pmpopup.php?u1=www.c-group.org&m1=<script>alert(document.cookie)</script>&m2=<h1>h4x0r3d</h1>&m3=by&m4=<h1>HANOWARS</h1>
{"id": "EDB-ID:28716", "hash": "2a6c48d00eb109dd8c5b1868539bf7d1", "type": "exploitdb", "bulletinFamily": "exploit", "title": "MKPortal 1.0/1.1 PMPopup.PHP Cross-Site Scripting Vulnerability", "description": "MKPortal 1.0/1.1 PMPopup.PHP Cross-Site Scripting Vulnerability. CVE-2006-2066. Webapps exploit for php platform", "published": "2006-09-27T00:00:00", "modified": "2006-09-27T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/28716/", "reporter": "HanowarS", "references": [], "cvelist": ["CVE-2006-2066"], "lastseen": "2016-02-03T08:46:02", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 4.8, "vector": "NONE", "modified": "2016-02-03T08:46:02"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-2066"]}, {"type": "osvdb", "idList": ["OSVDB:24901"]}], "modified": "2016-02-03T08:46:02"}, "vulnersScore": 4.8}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/28716/", "sourceData": "source: http://www.securityfocus.com/bid/20232/info\r\n\r\nMKPortal is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.\r\n\r\nAn attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.\r\n\r\nMKPortal 1.1 R1 and previous versions are vulnerable; other versions may also be affected.\r\n\r\nhttp://www.example.com/mkportal/include/pmpopup.php?u1=www.c-group.org&m1=<script>alert(document.cookie)</script>&m2=<h1>h4x0r3d</h1>&m3=by&m4=<h1>HANOWARS</h1>", "osvdbidlist": ["24901"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:08:32", "bulletinFamily": "NVD", "description": "Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in MKPortal 1.1 Rc1 and earlier, as used with vBulletin 3.5.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) u1, (2) m1, (3) m2, (4) m3, (5) m4 parameters.", "modified": "2018-10-18T16:37:00", "id": "CVE-2006-2066", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2066", "published": "2006-04-27T13:34:00", "title": "CVE-2006-2066", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "description": "## Vulnerability Description\nMKPortal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'u1', 'm1', 'm2', 'm3', and 'm4' variables upon submission to the pm_popup.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nMKPortal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'u1', 'm1', 'm2', 'm3', and 'm4' variables upon submission to the pm_popup.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Manual Testing Notes\nhttp://[target]/[mkportaldir]/includes/pm_popup.php?u1=[XSS]&m1=[XSS]&m2=[XSS]&m3=[XSS]&m4=[XSS]\n## References:\nVendor URL: http://www.mkportal.it/\nSecurity Tracker: 1015977\n[Secunia Advisory ID:19786](https://secuniaresearch.flexerasoftware.com/advisories/19786/)\n[Related OSVDB ID: 24900](https://vulners.com/osvdb/OSVDB:24900)\nOther Advisory URL: http://www.nukedx.com/?viewdoc=26\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0563.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0458.html\nFrSIRT Advisory: ADV-2006-1485\n[CVE-2006-2066](https://vulners.com/cve/CVE-2006-2066)\nBugtraq ID: 17651\nBugtraq ID: 20232\n", "modified": "2006-04-21T11:32:38", "published": "2006-04-21T11:32:38", "href": "https://vulners.com/osvdb/OSVDB:24901", "id": "OSVDB:24901", "type": "osvdb", "title": "MKPortal pm_popup.php Multiple Variable XSS", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}
