CVE-2008-1896

Carbon Communities < 2.4 - Cross-Site Scripting via Redirect or OrderBy Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1896. PoCs published by BugReport.IR.

AI-analyzed exploit summary The exploit demonstrates multiple SQL injection and XSS vulnerabilities in Carbon Communities forum software version 2.4 and prior. It includes functional PoC code for SQLi in events.asp, getpassword.asp, and option_Update.asp, as well as XSS in login.asp and member_send.asp.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Redirect parameter to login.asp and the (2) OrderBy parameter to member_send.asp.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BugReport.IR · textwebappsasp

https://www.exploit-db.com/exploits/5456

View Code ZIP pw:eip

The exploit demonstrates multiple SQL injection and XSS vulnerabilities in Carbon Communities forum software version 2.4 and prior. It includes functional PoC code for SQLi in events.asp, getpassword.asp, and option_Update.asp, as well as XSS in login.asp and member_send.asp.

Classification

Working Poc 95%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: Carbon Communities forum 2.4 and prior

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK