Home page logo
/

bugtraq logo Bugtraq mailing list archives

PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities
From: Nikyt0x Argentina <nikyt0x () hotmail com>
Date: 24 Aug 2004 22:04:46 -0000



[Nikkyt0x Advisory]
#0000-0001

        [PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities]


Software: PHP Code Snippet Library 
Vendor: http://www.php-csl.com/
Date: 24/08/2004
Author: Nikyt0x [ nikyt0x () hotmail com ]
Site: http://nikyt0x.webcindario.com
Advisory URL: http://nikyt0x.webcindario.com/0001.txt
        Vamos Argentina !

[ Description ]

 It was designed to help PHP programmers store commonly
used code in a central repository. Code can be stored 
in categories for easy managment.
  
[ Vulnerability ]
 
 PHP Code Snippet Library not have html filters in:
cat_select
show
 
[ Proof of concept ]

 http://localhost/[path]/index.php?cat_select=[XSS]
 http://localhost/[path]/index.php?cat_select=[XSS]&show=[XSS]

 Example:

 http://nikyt0x.webcindario.com/1.jpg





  By Date           By Thread  

Current thread:
  • PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities Nikyt0x Argentina (Aug 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]