Home page logo
/

bugtraq logo Bugtraq mailing list archives

phpLinkat XSS Security Bug
From: Sp.IC <SpeedICNet () Hotmail Com>
Date: 3 Oct 2002 20:22:44 -0000



phpLinkat is a free Web-Based link indexing script written in PHP and 
runs on MySQL.This product is server is vulnerable to the Cross-Site 
Scripting vulnerability would allow attackers to inject HTML and script 
codes into the pages and execute it on the clients browser as if it were 
provided by the site.

+ Tested on:

    - phpLinkat 0.1.0

+ Exploit:

    - showcat.php?catid=&lt;Script&gt;JavaScript:alert('XSS Exploit');&lt;/Script&gt;
    - addyoursite.php?catid=&lt;Script&gt;JavaScript:alert('XSS 
Exploit');&lt;/Script&gt;

+ Solution:

    - Open showcat.php
    - Add this code to line 22:

     $catid = HTMLSpecialChars($catid);
     $catid = PREG_Match("/^[0-9]/", $catid);
     
     If (!$catid){

         Print "Error";
         
     }Else{

    - Add this code to line 138:

    }} //end if

    - Open showcat.php
    - Add this code to line 14:

     $catid = HTMLSpecialChars($catid);
     $catid = PREG_Match("/^[0-9]/", $catid);
     
     If (!$catid){

         Print "Error";
         
     }Else{

    - Add this code to line 105:

    }}

+ Links:

   - Http://www.DesClub.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]