CVE-2004-1882

CactuShop 5.x - Cross-Site Scripting via popuplargeimage.asp strImageTag Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1882. PoCs published by Nick Gudov.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in CactuShop by injecting malicious scripts via the 'strImageTag' parameter in 'popuplargeimage.asp'. The PoC shows how an attacker can steal cookie-based authentication credentials by tricking a victim into clicking a crafted link.

Description

Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in CactuShop 5.x allows remote attackers to inject arbitrary web script or HTML via the strImageTag parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nick Gudov · textwebappsasp

https://www.exploit-db.com/exploits/23899

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in CactuShop by injecting malicious scripts via the 'strImageTag' parameter in 'popuplargeimage.asp'. The PoC shows how an attacker can steal cookie-based authentication credentials by tricking a victim into clicking a crafted link.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: CactuShop (version not specified)

No auth needed

Prerequisites: Victim must click a malicious link · CactuShop must be vulnerable to XSS in the specified endpoint

MITRE ATT&CK