Home page logo
/

bugtraq logo Bugtraq mailing list archives

phpLinkat XSS Security Bug
From: Sp.IC <SpeedICNet () Hotmail Com>
Date: 4 Oct 2002 17:28:10 -0000



.:: phpLinkat XSS Security Bug.

phpLinkat is a free Web-Based link indexing script written in PHP and 
runs on MySQL. This product is vulnerable to the Cross-Site 
Scripting vulnerability that would allow attackers to inject HTML and 
script codes into the pages and execute it on the clients browser as if 
it were provided by the site.

+ Tested on:

    - phpLinkat 0.1.0

+ Exploit:

    - showcat.php?catid=&lt;Script&gt;JavaScript:alert('XSS Exploit');&lt;/Script&gt;
    - addyoursite.php?catid=&lt;Script&gt;JavaScript:alert('XSS 
Exploit');&lt;/Script&gt;

+ Solution:

    - Open showcat.php
    - Add this code to line 6:

        $catid = HTMLSpecialChars($catid);
        $catid = PREG_Replace("/[A-Z&.;:()~! () #$%^''*\{\}\/]/i", "", 
$catid);

    - Open addyoursite.php
    - Add this code to line 6:

        $catid = HTMLSpecialChars($catid);
        $catid = PREG_Replace("/[A-Z&.;:()~! () #$%^''*\{\}\/]/i", "", 
$catid);

+ Links:

   - Http://www.DesClub.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]