phpLinkat XSS Security Bug

From: Sp.IC (SpeedICNetat_private)
Date: Thu Oct 03 2002 - 13:22:44 PDT


    phpLinkat is a free web-based link indexing script written in PHP that 
    runs on MySQL. The product is vulnerable to cross-site scripting: an 
    attacker can inject HTML and script code into its pages, which is then 
    executed in the client's browser as if it had been provided by the site.
    
    + Tested on:
    
        - phpLinkat 0.1.0
    
    + Exploit:
    
        - showcat.php?catid=<Script>JavaScript:alert('XSS Exploit');</Script>
        - addyoursite.php?catid=<Script>JavaScript:alert('XSS Exploit');</Script>
    
    + Solution:
    
        - Open showcat.php
        - Add this code to line 22:
    
         // Escape first, then require the whole value to be numeric. preg_match()
         // returns 1 or 0, so its result must not be assigned back to $catid,
         // and the pattern is anchored at both ends so "12abc" is rejected too.
         $catid = htmlspecialchars($catid);

         if (!preg_match("/^[0-9]+$/", $catid)) {

             print "Error";

         } else {
    
        - Add this code to line 138:
    
        }} //end if
    
        - Open showcat.php
        - Add this code to line 14:
    
         // Same check as in showcat.php: keep the original value and require
         // it to be entirely numeric before it is used.
         $catid = htmlspecialchars($catid);

         if (!preg_match("/^[0-9]+$/", $catid)) {

             print "Error";

         } else {
    
        - Add this code to line 105:
    
        }}
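    The advisory's check as written tests only the first character of catid and then overwrites the value with preg_match()'s 1/0 result. The following standalone PHP is an added example, not the advisory's or phpLinkat's code: it runs the report's own payloads plus constructed inputs through the advisory's expression and through a whole-string whitelist, and shows the output encoding that should still apply to anything echoed back into the page.

```php
<?php
// Added example (not phpLinkat's or the advisory author's code): compares
// the advisory's catid check with a whole-string whitelist, then shows
// output encoding for whatever is echoed back into the page.

// The check as the advisory writes it: only the first character has to be
// a digit, so a value such as "12abc" still passes.
function advisory_check(string $catid): bool
{
    return preg_match('/^[0-9]/', $catid) === 1;
}

// Whole-parameter whitelist: the value must be a decimal integer. Returns
// the integer, or null when the request should be rejected. preg_match()
// returns 1/0, so its result is never assigned back to the parameter.
function strict_catid(string $catid): ?int
{
    return preg_match('/^[0-9]+$/', $catid) === 1 ? (int) $catid : null;
}

// Anything reflected into HTML is escaped at output time as well;
// input validation and output encoding are separate defences.
function render_heading(string $value): string
{
    return '<h2>Category ' . htmlspecialchars($value, ENT_QUOTES) . '</h2>';
}

// Constructed test inputs, including the payload from the advisory.
$inputs = [
    '7',
    "<Script>JavaScript:alert('XSS Exploit');</Script>",
    '12abc',
    '',
];

foreach ($inputs as $in) {
    $strict = strict_catid($in);
    printf("%-50s advisory:%-4s strict:%s\n",
        var_export($in, true),
        advisory_check($in) ? 'pass' : 'fail',
        $strict === null ? 'reject' : 'catid=' . $strict);
}

// The payload, escaped: the markup is rendered as text, not executed.
echo render_heading($inputs[1]), "\n";
```

    Run with `php example.php`; the payload and '12abc' are rejected by strict_catid(), while advisory_check() lets '12abc' through.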
    
    + Links:
    
       - http://www.DesClub.com
    



    This archive was generated by hypermail 2b30 : Fri Oct 04 2002 - 09:28:06 PDT