CVE-2008-7036

E-XooPS DevTracker <1.08 & bcoos DevTracker <1.1.11 - XSS via direction/order_by

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7036. PoCs published by Lostmon.

AI-analyzed exploit summary: This exploit demonstrates multiple cross-site scripting (XSS) vulnerabilities in the DevTracker module for bcoos and E-xoops due to improper input sanitization. The PoC provides example URLs that inject arbitrary script code via the 'order_by' and 'direction' parameters.

Description

Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) direction and (2) order_by parameters.

Exploits (1)

Source: exploit-db (working PoC, verified)
by Lostmon · tags: text, webapps, php
https://www.exploit-db.com/exploits/31112

Classification
Working PoC: 90%
Attack type: XSS
Complexity: trivial
Reliability: reliable
Target: bcoos <= 1.1.11 with DevTracker 3.0, E-xoops <= 1.0.8 with DevTracker v0.20
Authentication: none needed
Prerequisites: access to the vulnerable web application
MITRE ATT&CK: none listed
Analysis by devstral-2, Feb 16, 2026

References (5)

Exploit, VDB entry (OSVDB): http://osvdb.org/44335
Third-party advisory, VDB entry (IBM X-Force): https://exchange.xforce.ibmcloud.com/vulnerabilities/40306
Exploit, VDB entry (OSVDB): http://osvdb.org/44334
Exploit, VDB entry (SecurityFocus BID): http://www.securityfocus.com/bid/27619

Scores

EPSS score: 0.0150
EPSS percentile: 70.8%

Details

CWE: CWE-79 (Improper Neutralization of Input During Web Page Generation, "Cross-site Scripting")
Status: published
Products (10):
bcoos/bcoos 1.0.9
bcoos/bcoos 1.0.10
bcoos/bcoos 1.0.11
bcoos/bcoos 1.0.12
bcoos/bcoos 1.0.13
bcoos/bcoos < 1.1.11
bcoos/devtracker 0.20
bcoos/devtracker 3.0
e-xoops/e-xoops 1.05 r3 (4 CPE variants)
e-xoops/e-xoops < 1.08
Published: Aug 24, 2009
Tracked since: Feb 18, 2026