CVE-2009-3256

LiveStreet 0.2 - Cross-Site Scripting via URI Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3256. PoCs published by Inj3ct0r.

AI-analyzed exploit summary This exploit demonstrates an XSS vulnerability in LiveStreet 0.2 by injecting arbitrary JavaScript via the 'asd' parameter in the blogInfo.php endpoint. The PoC uses a simple script tag to trigger an alert, confirming the vulnerability.

Description

Cross-site scripting (XSS) vulnerability in include/ajax/blogInfo.php in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the URI, as demonstrated by a SCRIPT element in an arbitrary parameter such as the asd parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Inj3ct0r · textwebappsphp

https://www.exploit-db.com/exploits/34446

View Code ZIP pw:eip

This exploit demonstrates an XSS vulnerability in LiveStreet 0.2 by injecting arbitrary JavaScript via the 'asd' parameter in the blogInfo.php endpoint. The PoC uses a simple script tag to trigger an alert, confirming the vulnerability.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: LiveStreet 0.2

No auth needed

Prerequisites: Access to the vulnerable endpoint

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit x_refsource_misc

http://packetstormsecurity.org/0908-exploits/livestreet-xss.txt

Scores

EPSS 0.0125

EPSS Percentile 65.6%

Details

CWE

CWE-79

Status published

Products (1)

livestreet/livestreet 0.2

Published Sep 18, 2009

Tracked Since Feb 18, 2026