CVE-2009-0541
Magento 1.2.0/1.2.1.1 - Cross-Site Scripting via Login/Email/Downloader Parameters
Title source: llm
Exploitation Summary
EIP tracks 3 public exploits for CVE-2009-0541. PoCs published by Loukas Kalenderidis.
AI-analyzed exploit summary
This exploit demonstrates a reflected XSS vulnerability in Magento 1.2.0 by injecting a script tag into the 'return' parameter of the downloader endpoint. The lack of input sanitization allows arbitrary JavaScript execution in the context of the affected site.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 and 1.2.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username field in an admin/ request to index.php, possibly related to the login[username] parameter and the app/code/core/Mage/Admin/Model/Session.php login function; (2) the email address field in an admin/index/forgotpassword/ request to index.php, possibly related to the email parameter and the app/code/core/Mage/Adminhtml/controllers/IndexController.php forgotpasswordAction function; or (3) the return parameter to the default URI under downloader/.
Exploits (3)
1. This exploit demonstrates a reflected XSS vulnerability in Magento 1.2.0 by injecting a script tag into the 'return' parameter of the downloader endpoint. The lack of input sanitization allows arbitrary JavaScript execution in the context of the affected site.
2. This exploit demonstrates a cross-site scripting (XSS) vulnerability in Magento 1.2.0 by injecting malicious JavaScript into the 'Email address' field of the forgot-password page. The lack of input sanitization allows arbitrary script execution in the context of the affected site.
3. This exploit demonstrates a cross-site scripting (XSS) vulnerability in Magento's admin login page by injecting a script tag into the username field. The vulnerability arises from insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.