ID: EDB-ID:33108
Type: exploitdb
Reporter: Moudi
Modified: 2009-06-24T00:00:00
Description
PG MatchMaking search.php show Parameter XSS. CVE-2009-2882. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/35808/info
PG Matchmaking is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/search.php?search=SEARCH&gender="><script>alert(document.cookie);</script>
Bulletin family: exploit
Published: 2009-06-24T00:00:00
Last seen: 2016-02-03T18:29:36
CVE: CVE-2009-2882
OSVDB: 56558
CVSS: 4.3 (AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/)
Vulners score: 5.4
Href: https://www.exploit-db.com/exploits/33108/
Source href: https://www.exploit-db.com/download/33108/
Related
CVE-2009-2882 (type cve, published 2009-08-20T13:30:09, last seen 2016-09-03T12:44:37, CVSS 4.3, AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/)
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2882
EDB-ID:33106 (type exploitdb, published 2009-06-24T00:00:00, last seen 2016-02-03T18:29:21, CVSS 4.3, CVE-2009-2882)
PG MatchMaking browse_ladies.php show Parameter XSS. Webapps exploit for php platform
https://www.exploit-db.com/exploits/33106/
EDB-ID:33109 (type exploitdb, published 2009-06-24T00:00:00, last seen 2016-02-03T18:29:45, CVSS 4.3, CVE-2009-2882)
PG MatchMaking services.php show Parameter XSS. Webapps exploit for php platform
https://www.exploit-db.com/exploits/33109/
EDB-ID:33107 (type exploitdb, published 2009-06-24T00:00:00, last seen 2016-02-03T18:29:28, CVSS 4.3, CVE-2009-2882)
PG MatchMaking browse_men.php show Parameter XSS. Webapps exploit for php platform
https://www.exploit-db.com/exploits/33107/