CVE-2009-1315

AbleSpace 1.0 - Cross-Site Scripting via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1315. PoCs published by DSecRG.

AI-analyzed exploit summary The advisory details multiple vulnerabilities in AbleSpace 1.0, including blind SQL injection in events_view.php and events_clndr_view.php, stored XSS in blogs_full.php, and reflected XSS in groups_profile.php and adv_cat.php. It provides example payloads but no executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter to groups_profile.php, (2) cat_id and (3) razd_id parameters to adv_cat.php, and the (4) URL to blogs_full.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by DSecRG · textwebappsphp

https://www.exploit-db.com/exploits/8424

View Code ZIP pw:eip

The advisory details multiple vulnerabilities in AbleSpace 1.0, including blind SQL injection in events_view.php and events_clndr_view.php, stored XSS in blogs_full.php, and reflected XSS in groups_profile.php and adv_cat.php. It provides example payloads but no executable exploit code.

Classification

Writeup 100%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: AbleSpace 1.0

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK