Exploitation Summary
EIP tracks 2 public exploits for CVE-2012-2910. PoCs published by Gjoko Krstic.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in phpThumb() by injecting a malicious script via the 'title' parameter in a GET request. The script executes arbitrary JavaScript in the context of the affected site, potentially stealing cookie-based authentication credentials.
Description
Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to demo/phpThumb.demo.random.php or (2) title parameter to demo/phpThumb.demo.showpic.php.
Exploits (2)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in phpThumb() by injecting a malicious script via the 'title' parameter in a GET request. The script executes arbitrary JavaScript in the context of the affected site, potentially stealing cookie-based authentication credentials.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in phpThumb() by injecting a malicious script via the 'dir' parameter in a GET request. The script executes arbitrary JavaScript in the context of the affected site, potentially stealing cookies or performing other malicious actions.