Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-6060. PoCs published by Rich Cannings.
AI-analyzed exploit summary The exploit demonstrates a remote code execution vulnerability in InfoSoft FusionCharts by injecting malicious input via the 'dataURL' parameter in an SWF file. The payload manipulates the 'debugMode' and 'dataURL' parameters to execute arbitrary script code in the context of the webserver process.
Description
Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by InfoSoft FusionCharts allows remote attackers to inject arbitrary additional SWF content via a URL in the SRC attribute of an IMG element in the dataURL parameter.
Exploits (1)
The exploit demonstrates a remote code execution vulnerability in InfoSoft FusionCharts by injecting malicious input via the 'dataURL' parameter in an SWF file. The payload manipulates the 'debugMode' and 'dataURL' parameters to execute arbitrary script code in the context of the webserver process.