CVE-2008-2861

eLineStudio Site Composer <= 2.6 - Cross-Site Scripting via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2861. PoCs published by BugReport.IR.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in eLineStudio Site Composer (ESC) <=2.6, including SQL injection, XSS, and arbitrary folder deletion/creation. It provides functional proof-of-concept URLs for each vulnerability.

Description

Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) button parameters to ansFAQ.asp and the (3) id and (4) txtEmail parameters to login.asp.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BugReport.IR · textwebappsphp

https://www.exploit-db.com/exploits/5859

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in eLineStudio Site Composer (ESC) <=2.6, including SQL injection, XSS, and arbitrary folder deletion/creation. It provides functional proof-of-concept URLs for each vulnerability.

Classification

Working Poc 95%

Attack Type

Sqli | Xss | Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: eLineStudio Site Composer (ESC) <=2.6

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK