CVE-2009-4681
phpDirectorySource 1.x - Cross-Site Scripting via search.php st Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2009-4681. PoCs published by Moudi.
AI-analyzed exploit summary This exploit demonstrates SQL injection and XSS vulnerabilities in Web Business Directory 1.0 via the 'st' parameter in search.php. The PoC includes live examples with payloads for both vulnerabilities.
Description
Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Moudi · textwebappsphp
https://www.exploit-db.com/exploits/9226
This exploit demonstrates SQL injection and XSS vulnerabilities in Web Business Directory 1.0 via the 'st' parameter in search.php. The PoC includes live examples with payloads for both vulnerabilities.
Classification
Working Poc 90%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Reliable
Target:
Web Business Directory 1.0
No auth needed
Prerequisites:
Access to the vulnerable search.php endpoint
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (4)
Core 4
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/9226
Exploit x_refsource_misc
http://packetstormsecurity.org/0907-exploits/wbd-sqlxss.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35760
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35941
Scores
EPSS
0.0148
EPSS Percentile
70.6%
Details
CWE
CWE-79
Status
published
Products (2)
phpdirectorysource/phpdirectorysource
1.0
phpdirectorysource/phpdirectorysource
1.1
Published
Mar 10, 2010
Tracked Since
Feb 18, 2026