CVE-2003-0154

Mozilla Bonsai - Cross-Site Scripting via Multiple CGI Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0154. PoCs published by Stan Bubrouski.

AI-analyzed exploit summary This exploit demonstrates multiple cross-site scripting (XSS) vulnerabilities in the Bonsai tool by injecting malicious scripts into various CGI parameters. The PoC shows how attacker-supplied code can execute in the context of the vulnerable site.

Description

Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Stan Bubrouski · textwebappscgi

https://www.exploit-db.com/exploits/21729

View Code ZIP pw:eip

This exploit demonstrates multiple cross-site scripting (XSS) vulnerabilities in the Bonsai tool by injecting malicious scripts into various CGI parameters. The PoC shows how attacker-supplied code can execute in the context of the vulnerable site.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Bonsai tool (version not specified)

No auth needed

Prerequisites: Victim must visit a malicious link

MITRE ATT&CK