Exploitation Summary
EIP tracks 9 public exploits for CVE-2012-1664. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary The provided text describes SQL injection and XSS vulnerabilities in osCMax 2.5.0, with an example XSS payload. It lacks executable exploit code but outlines attack vectors.
Description
Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) current_product_id, or (4) cPath parameter to admin/new_attributes_include.php; (5) sb_id, (6) sb_key, (7) gc_id, (8) gc_key, or (9) path parameter to admin/htaccess.php; (10) title parameter to admin/information_form.php; (11) search parameter to admin/xsell.php; (12) gross or (13) max parameter to admin/stats_products_purchased.php; (14) status parameter to admin/stats_monthly_sales.php; (15) sorted parameter to admin/stats_customers.php; (16) information_id parameter to /admin/information_manager.php; or (17) zID parameter to /admin/geo_zones.php.
Exploits (9)
The provided text describes SQL injection and XSS vulnerabilities in osCMax 2.5.0, with an example XSS payload. It lacks executable exploit code but outlines attack vectors.
The provided text describes multiple SQL injection and XSS vulnerabilities in osCMax 2.5.0, with example URLs demonstrating XSS payloads. No actual exploit code is present, only a vulnerability description and proof-of-concept URLs.
The provided text describes a cross-site scripting (XSS) vulnerability in osCMax 2.5.0, where unsanitized user input in the 'status' parameter of 'stats_monthly_sales.php' allows execution of arbitrary JavaScript code. The example demonstrates a basic XSS payload to steal cookies.
The provided text describes a vulnerability in osCMax 2.5.0, specifically SQL injection and XSS vulnerabilities due to insufficient input sanitization. It includes an example XSS payload but lacks executable exploit code.
The provided text describes a cross-site scripting (XSS) vulnerability in osCMax 2.5.0, where user-supplied input is not sufficiently sanitized. The example demonstrates an XSS payload injected via the 'pageTitle' parameter in the admin interface.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in osCMax 2.5.0 by injecting a malicious script into the username field of a login form. The script executes when processed, potentially stealing cookie-based authentication credentials.
The provided text describes a cross-site scripting (XSS) vulnerability in osCMax 2.5.0, where user-supplied input is not sufficiently sanitized. The example URL demonstrates an XSS payload that could steal cookie-based authentication credentials.
This exploit demonstrates multiple cross-site scripting (XSS) vulnerabilities in osCMax 2.5.0 by injecting malicious scripts into form fields. The PoC shows how unsanitized input can lead to arbitrary JavaScript execution in the context of the admin panel.
The provided text describes a cross-site scripting (XSS) vulnerability in osCMax 2.5.0, where unsanitized user input in the 'zID' parameter allows execution of arbitrary JavaScript. The example demonstrates a basic XSS payload to steal cookies.