CVE-2008-3779
Five Star Review Script - Cross-Site Scripting via Search Words Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-3779. PoCs published by Mr.SQL.
AI-analyzed exploit summary: This exploit demonstrates SQL injection and XSS vulnerabilities in the Five Star Review script. The SQL injection allows unauthorized extraction of user and admin credentials via crafted `item_id` parameters, while the XSS vulnerability is triggered through the search functionality.
Description
Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action.