CVE-2009-3512
MyWeight 1.0 - Cross-Site Scripting via Multiple Parameters
Title source: llmExploitation Summary
EIP tracks 3 public exploits for CVE-2009-3512. PoCs published by Moudi.
AI-analyzed exploit summary This exploit demonstrates multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 by injecting arbitrary JavaScript code via the 'info' and 'return' parameters in the user_login.php page. The PoC includes URLs with crafted payloads that trigger XSS when accessed.
Description
Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php.
Exploits (3)
This exploit demonstrates multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 by injecting arbitrary JavaScript code via the 'info' and 'return' parameters in the user_login.php page. The PoC includes URLs with crafted payloads that trigger XSS when accessed.
The provided text describes a cross-site scripting (XSS) vulnerability in MyWeight 1.0, where user-supplied input is not properly sanitized. The example demonstrates an XSS payload in the 'info' parameter of a URL.
This exploit demonstrates a reflected XSS vulnerability in MyWeight 1.0 by injecting arbitrary JavaScript via the 'date' parameter in user_addfood.php. The payload bypasses basic sanitization using mixed case and URL encoding.