CVE-2008-6882

com_livechat 1.0 - Server-Side Request Forgery via xmlhttp.php Proxy

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6882. PoCs published by jdc.

AI-analyzed exploit summary: The exploit demonstrates SQL injection vulnerabilities in the Joomla Live Chat component, specifically in 'getChat.php' and 'getSavedChatRooms.php', where the 'last' parameter is unsanitized. It also highlights an open proxy vulnerability in 'xmlhttp.php'.

Description

Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string.

Exploits (1)

exploitdb WORKING POC VERIFIED
by jdc · text · webapps · php
https://www.exploit-db.com/exploits/7441

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Joomla Live Chat component
No auth needed
Prerequisites: Access to the vulnerable Joomla Live Chat component
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32803
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47305
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7441

Scores

EPSS 0.0229
EPSS Percentile 80.9%

Details

CWE: CWE-20
Status: published
Products (1): joompolitan/com_livechat 1.0
Published: Jul 30, 2009
Tracked Since: Feb 18, 2026