CVE-2009-3153
x10 MP3 Search Engine 1.6.5 - Cross-Site Scripting via Multiple Parameters
Title source: llmExploitation Summary
EIP tracks 8 public exploits for CVE-2009-3153. PoCs published by Moudi.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in x10 Media Automatic MP3 Search Engine 1.6.5, where user-supplied input is not properly sanitized. The vulnerability allows arbitrary script execution in the context of the affected site.
Description
Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.
Exploits (8)
The provided text describes a cross-site scripting (XSS) vulnerability in x10 Media Automatic MP3 Search Engine 1.6.5, where user-supplied input is not properly sanitized. The vulnerability allows arbitrary script execution in the context of the affected site.
This exploit demonstrates a reflected XSS vulnerability in x10 Media Automatic MP3 Search Engine 1.6.5 by injecting a script tag into the 'id' parameter of the lyrics.php page. The PoC uses a simple alert to display the document cookie, proving arbitrary JavaScript execution.
This is a writeup describing a cross-site scripting (XSS) vulnerability in x10 Media Automatic MP3 Search Engine 1.6.5. The vulnerability arises from improper sanitization of user-supplied input, allowing arbitrary script execution in the context of the affected site.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in x10 Media Automatic MP3 Search Engine 1.6.5 by injecting a script tag into the 'name' parameter of the embed.php file. The PoC uses a simple alert to display the document.cookie, proving arbitrary script execution in the context of the affected site.
The provided text describes a cross-site scripting (XSS) vulnerability in x10 Media Automatic MP3 Search Engine 1.6.5, where user-supplied input is not properly sanitized in the 'id' parameter of header1.php. No actual exploit code is included.
This exploit demonstrates a reflected XSS vulnerability in x10 Media Automatic MP3 Search Engine 1.6.5 by injecting a script tag into the 'key' parameter of the video_listing.php page. The PoC uses a simple alert to display the user's cookies, proving arbitrary JavaScript execution.
The provided text describes a cross-site scripting (XSS) vulnerability in x10 Media Automatic MP3 Search Engine 1.6.5, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code via the 'category' parameter.
The provided text describes a cross-site scripting (XSS) vulnerability in x10 Media Automatic MP3 Search Engine 1.6.5, where the 'pic_id' parameter in 'video_ad.php' is not properly sanitized. This allows arbitrary script execution in the context of the affected site.