phpLinkat XSS Security Bug

From: Sp.IC (SpeedICNetat_private)
Date: Fri Oct 04 2002 - 10:28:10 PDT


    .:: phpLinkat XSS Security Bug.
    
    phpLinkat is a free web-based link indexing script written in PHP and 
    running on MySQL. This product is vulnerable to cross-site scripting 
    (XSS): an attacker can inject HTML and script code into its pages, and 
    that code executes in the client's browser as if it had been provided 
    by the site.
    
    + Tested on:
    
        - phpLinkat 0.1.0
    
    + Exploit:
    
        - showcat.php?catid=<Script>JavaScript:alert('XSS Exploit');</Script>
        - addyoursite.php?catid=<Script>JavaScript:alert('XSS Exploit');</Script>
    
    + Solution:
    
        - Open showcat.php
        - Add this code to line 6:
    
            // Escape HTML metacharacters, then strip letters and the listed
            // punctuation from the category id before it is used in the page.
            $catid = htmlspecialchars($catid);
            $catid = preg_replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", $catid);
    
        - Open addyoursite.php
        - Add this code to line 6:
    
            // Same treatment as in showcat.php.
            $catid = htmlspecialchars($catid);
            $catid = preg_replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", $catid);
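    The following is an added example, not phpLinkat's own code or the
    advisory author's patch. It shows the two complementary defences for a
    parameter such as catid: validate it as an integer on input, and escape
    anything that is reflected into HTML on output. It assumes that
    showcat.php and addyoursite.php reflect catid into the page unescaped
    (the advisory implies this but does not show the code); the function
    names validCatId, h, renderVulnerable and renderHardened are hypothetical.

```php
<?php
// Added example (not phpLinkat's own code). How phpLinkat 0.1.0 actually
// reads and echoes $catid is an assumption; the defences are the point.

// 1. Validate on input: a category id should be a small positive integer,
//    so reject anything else rather than trying to strip "bad" characters.
function validCatId(string $raw): ?int
{
    if (!ctype_digit($raw) || strlen($raw) > 9) {
        return null;           // "", "12abc" and "<script>..." are all rejected
    }
    return (int) $raw;
}

// 2. Escape on output: everything echoed into HTML goes through
//    htmlspecialchars with ENT_QUOTES, so quotes cannot break out of
//    attribute values either.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Assumed shape of the vulnerable code: the parameter is reflected as-is.
function renderVulnerable(string $catid): string
{
    return "<h2>Category $catid</h2>";
}

// Hardened form: validate first; only an escaped copy of a rejected
// value is ever reflected.
function renderHardened(string $catid): string
{
    $id = validCatId($catid);
    if ($id === null) {
        return "<p>Invalid category: " . h($catid) . "</p>";
    }
    return "<h2>Category $id</h2>";
}

// Constructed inputs: a normal id and the payload shape from the advisory.
$inputs = ['7', "<Script>JavaScript:alert('XSS Exploit');</Script>"];
foreach ($inputs as $in) {
    echo "vulnerable: ", renderVulnerable($in), "\n";
    echo "hardened:   ", renderHardened($in), "\n";
}
```

    For the payload input, the hardened output contains only `&lt;Script&gt;...` text, which the browser renders literally instead of executing.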
    
    + Links:
    
       - http://www.DesClub.com
    



    This archive was generated by hypermail 2b30 : Sat Oct 05 2002 - 13:54:23 PDT