Exploit

EDB-ID: 26086	Author: Lostmon	Published: 2005-08-05
CVE: CVE-2008-6562	Type: Webapps	Platform: PHP
Aliases: N/A	Advisory/Source: Link	Tags: N/A
E-DB Verified:	Exploit: Download / View Raw	Vulnerable App: N/A

« Previous Exploit Next Exploit »

source: http://www.securityfocus.com/bid/14481/info
     
Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input.
     
An attacker may leverage any of these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. 

http://www.example.com/linklists/jax_linklists.php?language=English[XSS-CODE]
http://www.example.com/linklists/jax_linklists.php?do=list&list_id=0&language=english&cat=Religion[XSS-CODE]

Related Exploits

Trying to match CVEs (1): CVE-2008-6562
Trying to match OSVDBs (1): 18581
Other Possible E-DB Search Terms: Jax PHP Scripts 1.0/1.34/2.14/3.31, Jax PHP Scripts 1.0, Jax PHP Scripts

Date	Title	Author
2008-03-31	Jack (tR) Jax LinkLists 1.00 - 'jax_linklists.php' Cross-Site Scripting	ZoRLu
2005-08-05	Jax PHP Scripts 1.0/1.34/2.14/3.31 - Guestbook File Client IP Disclosure	Lostmon
2005-08-05	Jax PHP Scripts 1.0/1.34/2.14/3.31 - guestbook_ips2block Banned IP List Disclosure	Lostmon
2005-08-05	Jax PHP Scripts 1.0/1.34/2.14/3.31 - ips2block Banned IP List Disclosure	Lostmon
2005-08-05	Jax PHP Scripts 1.0/1.34/2.14/3.31 - logfile.csv User IP Disclosure	Lostmon
2005-08-05	Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'jax_newsletter.php' language Parameter Cross-Site Scripting	Lostmon
2005-08-05	Jax PHP Scripts 1.0/1.34/2.14/3.31 - archive.php language Parameter Cross-Site Scripting	Lostmon
2005-08-05	Jax PHP Scripts 1.0/1.34/2.14/3.31 - dwt_editor.php Multiple Parameter Cross-Site Scripting	Lostmon
2005-08-05	Jax PHP Scripts 1.0/1.34/2.14/3.31 - formmailer.log User Sent Mail Disclosure	Lostmon
2005-08-05	Jax PHP Scripts 1.0/1.34/2.14/3.31 - ips2block Banned IP Disclosure	Lostmon
2005-08-05	Jax PHP Scripts 1.0/1.34/2.14/3.31 - jax_calendar.php Multiple Parameter Cross-Site Scripting	Lostmon
2005-08-05	Jax PHP Scripts 1.0/1.34/2.14/3.31 - jax_guestbook.php Multiple Parameter Cross-Site Scripting	Lostmon
2005-08-05	Jax PHP Scripts 1.0/1.34/2.14/3.31 - jnl_records User Database Disclosure	Lostmon
2005-08-05	Jax PHP Scripts 1.0/1.34/2.14/3.31 - shrimp_petition.php Multiple Parameter Cross-Site Scripting	Lostmon
2005-08-05	Jax PHP Scripts 1.0/1.34/2.14/3.31 - sign_in.php language Parameter Cross-Site Scripting	Lostmon
2005-08-05	Jax PHP Scripts 1.0/1.34/2.14/3.31 - suggestions.csv User IP Disclosure	Lostmon
2005-08-05	Jax PHP Scripts 1.0/1.34/2.14/3.31 petitionbook Script - User IP Disclosure	Lostmon

Jax PHP Scripts 1.0/1.34/2.14/3.31 - jax_linklists.php Multiple Parameter Cross-Site Scripting

Related Exploits