CVE-2008-6758

Viart Shop - Cross-Site Request Forgery

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6758.

AI-analyzed exploit summary The document details multiple vulnerabilities in ViArt Shopping Cart v3.5, including full path disclosure, information disclosure, and arbitrary code injection via XSS. It provides technical descriptions of attack vectors and their impacts but does not include functional exploit code.

Description

Cross-site request forgery (CSRF) vulnerability in cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to hijack the authentication of arbitrary users for requests that conduct persistent cross-site scripting (XSS) attacks via the cart_name parameter in a save action.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/7628

View Code ZIP pw:eip

The document details multiple vulnerabilities in ViArt Shopping Cart v3.5, including full path disclosure, information disclosure, and arbitrary code injection via XSS. It provides technical descriptions of attack vectors and their impacts but does not include functional exploit code.

Classification

Writeup 95%

Attack Type

Xss | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: ViArt Shopping Cart v3.5

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK