CVE-2012-4251
MySQLDumper 1.24.4 - Cross-Site Scripting via Multiple Parameters
Title source: llmExploitation Summary
EIP tracks 4 public exploits for CVE-2012-4251. PoCs published by AkaStep.
AI-analyzed exploit summary The provided text describes multiple vulnerabilities in MySQLDumper 1.24.4, including XSS, local file inclusion, CSRF, information disclosure, and directory traversal. It includes example URLs demonstrating XSS exploitation but lacks executable exploit code.
Description
Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/.
Exploits (4)
The provided text describes multiple vulnerabilities in MySQLDumper 1.24.4, including XSS, local file inclusion, CSRF, information disclosure, and directory traversal. It includes example URLs demonstrating XSS exploitation but lacks executable exploit code.
The provided text describes multiple vulnerabilities in MySQLDumper 1.24.4, including XSS, local file inclusion, CSRF, information disclosure, and directory traversal. It includes an example XSS payload but lacks executable exploit code.
The provided text describes multiple vulnerabilities in MySQLDumper 1.24.4, including XSS, local file inclusion, CSRF, information disclosure, and directory traversal. It includes an example XSS payload but lacks executable exploit code.
The provided text is a vulnerability writeup for CVE-2012-4251, detailing multiple vulnerabilities in MySQLDumper 1.24.4, including XSS, LFI, CSRF, info disclosure, and directory traversal. It lacks actual exploit code but describes attack vectors and potential impacts.