CVE-2009-2033

Yogurt 0.3 - Cross-Site Scripting via msg Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2033. PoCs published by Br0ly.

AI-analyzed exploit summary The exploit demonstrates XSS and SQL injection vulnerabilities in Yogurt software. The XSS is triggered via the 'msg' parameter in index.php, while the SQLi is exploitable in writemessage.php via the 'original' parameter, both due to improper input sanitization.

Description

Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Br0ly · textwebappsphp

https://www.exploit-db.com/exploits/8932

View Code ZIP pw:eip

The exploit demonstrates XSS and SQL injection vulnerabilities in Yogurt software. The XSS is triggered via the 'msg' parameter in index.php, while the SQLi is exploitable in writemessage.php via the 'original' parameter, both due to improper input sanitization.

Classification

Working Poc 95%

Attack Type

Xss | Sqli

Complexity

Trivial

Reliability

Reliable

Target: Yogurt (version not specified)

Auth required

Prerequisites: register_globals=on · user registration and login

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/8932

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/35324

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/55097

Scores

EPSS 0.0147

EPSS Percentile 70.5%

Details

CWE

CWE-79

Status published

Products (1)

ricardo_alexandre_de_oliveira_staudt/yogurt 0.3

Published Jun 12, 2009

Tracked Since Feb 18, 2026