CVE-2008-0877
Jinzora Media Jukebox 2.7.5 - Cross-Site Scripting via Multiple Parameters
Exploitation Summary
EIP tracks 4 public exploits for CVE-2008-0877. PoCs published by Alexandr Polyakov.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) frontend, (2) set_frontend, (3) jz_path, (4) theme, and (5) set_theme parameters to (a) index.php; the frontend, theme, and (6) language parameters to (b) ajax_request.php; the jz_path parameter to (c) slim.php; the frontend, theme, and jz_path parameters to (d) popup.php; the (13) PATH_INFO to index.php and (e) slim.php; and the (14) query parameter in a playlistedit action and (15) siteNewsData parameter in a sitenews action to (f) popup.php.
Exploits (4)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Jinzora 2.7.5 by injecting a malicious script via the 'jz_path' parameter in the URL. The PoC uses a simple JavaScript alert to confirm the vulnerability.
The exploit demonstrates multiple XSS vulnerabilities in Jinzora 2.7.5 by injecting malicious scripts via unsanitized input parameters in popup.php. The PoC includes three distinct attack vectors targeting different parameters.
This exploit demonstrates multiple XSS vulnerabilities in Jinzora 2.7.5 by injecting malicious scripts via unsanitized user input in the 'frontend' parameter and path manipulation.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Jinzora 2.7.5 by injecting arbitrary JavaScript code via the 'language' parameter in ajax_request.php. The PoC uses a simple IMG tag with a JavaScript URI to trigger an alert, proving the lack of input sanitization.