CVE-2012-5105
SQLiteManager 1.2.4 - Cross-Site Scripting via dbsel or nsextt Parameter
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2012-5105. PoCs published by Stefan Schurtz.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in SQLiteManager 1.2.4 by injecting malicious JavaScript via the 'dbsel' parameter. The PoC uses a crafted URL to execute arbitrary script code in the context of the affected site.
Description
Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.4 allow remote attackers to inject arbitrary web script or HTML via the dbsel parameter to (1) main.php or (2) index.php; or (3) nsextt parameter to index.php.
Exploits (2)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in SQLiteManager 1.2.4 by injecting malicious JavaScript via the 'dbsel' parameter. The PoC uses a crafted URL to execute arbitrary script code in the context of the affected site.
This exploit demonstrates multiple XSS vulnerabilities in SQLiteManager 1.2.4 by injecting malicious JavaScript via URL parameters. The PoC uses the 'stYle' attribute with an 'expression' to execute arbitrary code in Internet Explorer.