CVE-2008-2048

Angelo-Emlak 1.0 - Cross-Site Scripting via sayfa Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2048. PoCs published by U238.

AI-analyzed exploit summary This exploit demonstrates SQL injection and XSS vulnerabilities in Angelo-Emlak v1.0. The SQLi allows unauthorized extraction of admin credentials, while the XSS can execute arbitrary JavaScript in the context of the admin panel.

Description

Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in Angelo-Emlak 1.0 allows remote attackers to inject arbitrary web script or HTML via the sayfa parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by U238 · textwebappsasp

https://www.exploit-db.com/exploits/5503

View Code ZIP pw:eip

This exploit demonstrates SQL injection and XSS vulnerabilities in Angelo-Emlak v1.0. The SQLi allows unauthorized extraction of admin credentials, while the XSS can execute arbitrary JavaScript in the context of the admin panel.

Classification

Working Poc 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: Angelo-Emlak v1.0

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK