CVE-2009-2587
DragDropCart - Cross-Site Scripting via Multiple Parameters
Title source: llmExploitation Summary
EIP tracks 6 public exploits for CVE-2009-2587. PoCs published by Moudi.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in DragDropCart, where user-supplied input is not properly sanitized. The example demonstrates a simple XSS payload injected via the 'search' parameter in a URL.
Description
Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php.
Exploits (6)
The provided text describes a cross-site scripting (XSS) vulnerability in DragDropCart, where user-supplied input is not properly sanitized. The example demonstrates a simple XSS payload injected via the 'search' parameter in a URL.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in DragDropCart by injecting a malicious script via the 'product' parameter in the URL. The payload bypasses basic sanitization using mixed case and URL encoding.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in DragDropCart by injecting arbitrary JavaScript code via the 'redirect' parameter in the login.php URL. The payload bypasses basic sanitization using encoded characters and line breaks.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in DragDropCart by injecting arbitrary JavaScript code via the 'search' parameter. The payload bypasses basic sanitization using mixed case and URL encoding.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in DragDropCart by injecting arbitrary JavaScript code via the 'prefix' parameter in the 'getstate.php' endpoint. The payload uses obfuscation techniques to bypass basic filters.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in DragDropCart by injecting a script tag into the 'sid' parameter of the 'ddcart.php' file. The vulnerability arises due to insufficient sanitization of user-supplied data.