CVE-2003-1350
List Site Pro 2.0 - Account Hijacking via Banner URL Field Delimiter Injection
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2003-1350. PoCs published by Statix.
AI-analyzed exploit summary This exploit demonstrates an arbitrary value injection vulnerability in List Site PRO's flat-file database via HTML input form fields. By crafting a malicious banner URL with pipe-delimited commands, an attacker can reset the password of a targeted user account.
Description
List Site Pro 2.0 allows remote attackers to hijack user accounts by inserting a "|" (pipe), which is used as a field delimiter, into the bannerurl field.
Exploits (1)
This exploit demonstrates an arbitrary value injection vulnerability in List Site PRO's flat-file database via HTML input form fields. By crafting a malicious banner URL with pipe-delimited commands, an attacker can reset the password of a targeted user account.