CVE-2008-1414

Multiple Time Sheets <= 5.0 - Cross-Site Scripting via Tab Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1414. PoCs published by JosS.

AI-analyzed exploit summary This is a writeup detailing multiple vulnerabilities in Mutiple Timesheets <= 5.0, including directory traversal, XSS, and cookie manipulation. It provides examples of exploit URLs but does not include executable exploit code.

Description

Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to (1) index.php, as demonstrated using mixed case and encoded whitespace characters in the tag; or (2) clientinfo.php, (3) invoices.php, (4) smartlinks.php, and (5) todo.php, as demonstrated using a META tag.

Exploits (1)

exploitdb WRITEUP VERIFIED

by JosS · textwebappsphp

https://www.exploit-db.com/exploits/5262

View Code ZIP pw:eip

This is a writeup detailing multiple vulnerabilities in Mutiple Timesheets <= 5.0, including directory traversal, XSS, and cookie manipulation. It provides examples of exploit URLs but does not include executable exploit code.

Classification

Writeup 100%

Attack Type

Info Leak | Xss | Other

Complexity

Trivial

Reliability

Theoretical

Target: Mutiple Timesheets <= 5.0

No auth needed

Prerequisites: Access to the target application

MITRE ATT&CK