CVE-2008-6529

eZoneScripts Living Local 1.1 - Cross-Site Scripting via listtest.php r Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6529. PoCs published by Bgh7.

AI-analyzed exploit summary This is a writeup describing an arbitrary file upload vulnerability in Living Local V1.1, allowing authenticated users to upload malicious PHP shells. The steps involve registering, logging in, and exploiting the logo upload functionality to achieve remote code execution.

Description

Cross-site scripting (XSS) vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to inject arbitrary web script or HTML via the r parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Bgh7 · textwebappsphp

https://www.exploit-db.com/exploits/7408

View Code ZIP pw:eip

This is a writeup describing an arbitrary file upload vulnerability in Living Local V1.1, allowing authenticated users to upload malicious PHP shells. The steps involve registering, logging in, and exploiting the logo upload functionality to achieve remote code execution.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Living Local V1.1

Auth required

Prerequisites: Access to registration and login pages · Valid user credentials · Ability to upload a malicious PHP file

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/32761

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/47214

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7408

Scores

EPSS 0.0160

EPSS Percentile 72.6%

Details

CWE

CWE-79

Status published

Products (1)

ezonescripts/living_local 1.1

Published Mar 26, 2009

Tracked Since Feb 18, 2026