CVE-2008-6675

QuickerSite 1.8.5 - Cross-Site Scripting via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6675.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in QuickerSite CMS 1.8.5, including insecure direct object references, XSS, and mailbombing. It provides functional HTML forms and URLs to exploit these flaws without requiring authentication.

Description

Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SB_redirect and (3) SB_feedback parameters in process_send.asp, as reachable through default.asp; (4) paramCode and (5) cColor parameters to picker.asp; and the (6) query string, (7) Referer header, and (8) X-FORWARDED-FOR header to rss.asp.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/5733

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in QuickerSite CMS 1.8.5, including insecure direct object references, XSS, and mailbombing. It provides functional HTML forms and URLs to exploit these flaws without requiring authentication.

Classification

Working Poc 95%

Attack Type

Auth Bypass | Xss | Info Leak | Other

Complexity

Trivial

Reliability

Reliable

Target: QuickerSite CMS 1.8.5

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK