ID: EDB-ID:28732
Type: exploitdb
Reporter: You_You
Modified: 2006-09-30T00:00:00
Description: Yblog funk.php id Parameter XSS. CVE-2006-5146. Webapps exploit for the PHP platform.
Source: http://www.securityfocus.com/bid/20280/info
Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data; this entry covers the id parameter of funk.php.
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Proof of concept:
http://www.example.com/[path]/funk.php?id="><script>alert('test!')</script><