XSS bug in php(Reactor)

From: Arab VieruZ (arabviersusat_private)
Date: Thu Oct 10 2002 - 05:43:11 PDT


    
    Vulnerable systems:
    1.2.7pl1
    
    Exploit:
    forums/browse.php?fid=3&tid=46&go=<scri*pt>JavaScript:alert('Hi');</scri*pt>
    
    (without "*")
    
    Solution:
    I thought of this, but I am not sure
    
    open browse.php and add this code in line 52:
    
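    // Encode HTML special characters in the go parameter
    $go = htmlspecialchars($go);
    // Strip letters (the /i flag makes A-Z case-insensitive) and the listed punctuation
    $go = preg_replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", $go);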
    
    ----------------------------------
    Arab Vieruz
    
    thanx
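
What the two proposed lines do to the request above and to two constructed values, next to plain output encoding and an integer allow-list. This is an added example, not code from the post or from php(Reactor); it assumes PHP 7.1 or later, that `go` is echoed into HTML, and (hypothetically) that `go` is meant to be a positive integer. The function names are made up here.

```php
<?php
// Added example, not php(Reactor) code. Function names are hypothetical.

// The two lines proposed in the post, wrapped in a function.
function proposed_filter(string $go): string
{
    $go = htmlspecialchars($go);
    return preg_replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", $go);
}

// Output encoding only. Assumption: $go is echoed into HTML text
// or into a quoted attribute value.
function encode_only(string $go): string
{
    return htmlspecialchars($go, ENT_QUOTES, 'UTF-8');
}

// Allow-list validation. Assumption: go is meant to be a positive integer.
// Returns null when the value should be rejected.
function numeric_only(string $go): ?int
{
    $n = filter_var($go, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $n === false ? null : $n;
}

$samples = [
    "<script>JavaScript:alert('Hi');</script>", // value of go from the post
    "next",                                     // constructed sample
    "12",                                       // constructed sample
];

foreach ($samples as $s) {
    printf("input:    %s\n", $s);
    printf("proposed: %s\n", var_export(proposed_filter($s), true));
    printf("encoded:  %s\n", encode_only($s));
    printf("numeric:  %s\n\n", var_export(numeric_only($s), true));
}
```

Because the character class is matched case-insensitively, the proposed filter removes every letter, so any alphabetic value of `go` comes back empty; encoding on output leaves the value intact and inert as HTML.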
    



    This archive was generated by hypermail 2b30 : Thu Oct 10 2002 - 10:32:30 PDT