CVE-2008-2967

Academic Web Tools < 1.4.2.8 - Cross-Site Scripting via Query String and glb_sid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2967.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in Academic Web Tools CMS, including directory traversal, SQL injection, XSS, and session fixation. It provides functional PoC examples for each vulnerability.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to login.php and the (2) glb_sid parameter to hta/htmlarea.js.php, and allow remote authenticated users to inject arbitrary web script or HTML via an unspecified field in room.php.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/5861

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in Academic Web Tools CMS, including directory traversal, SQL injection, XSS, and session fixation. It provides functional PoC examples for each vulnerability.

Classification

Working Poc 95%

Attack Type

Sqli | Xss | Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Academic Web Tools CMS 1.4.2.8 and prior

No auth needed

Prerequisites: Access to vulnerable web application

MITRE ATT&CK