CVE-2010-4631

pilot_cart 7.3 - Cross-Site Scripting via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4631. PoCs published by Ariko-Security.

AI-analyzed exploit summary This is a security advisory detailing multiple vulnerabilities in ASPilot Pilot Cart 7.3, including SQL injection, XSS, iFrame injections, and link injections. It provides descriptions of vulnerable parameters and example URLs but does not include executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME parameter to (2) gateway.asp and (3) cart.asp, and the specific parameter to (4) quote.asp and (5) buyitnow.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Ariko-Security · textwebappsasp

https://www.exploit-db.com/exploits/15448

View Code ZIP pw:eip

This is a security advisory detailing multiple vulnerabilities in ASPilot Pilot Cart 7.3, including SQL injection, XSS, iFrame injections, and link injections. It provides descriptions of vulnerable parameters and example URLs but does not include executable exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Xss | Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: ASPilot Pilot Cart 7.3

No auth needed

Prerequisites: Access to vulnerable endpoints · No authentication required

MITRE ATT&CK