Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities

From: Nikyt0x Argentina <nikyt0x () hotmail com>
Date: 24 Aug 2004 22:04:46 -0000


[Nikkyt0x Advisory]
#0000-0001

        [PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities]


Software: PHP Code Snippet Library 
Vendor: http://www.php-csl.com/
Date: 24/08/2004
Author: Nikyt0x [ nikyt0x () hotmail com ]
Site: http://nikyt0x.webcindario.com
Advisory URL: http://nikyt0x.webcindario.com/0001.txt
        Vamos Argentina !

[ Description ]

 It was designed to help PHP programmers store commonly
used code in a central repository. Code can be stored 
in categories for easy managment.
  
[ Vulnerability ]
 
 PHP Code Snippet Library not have html filters in:

cat_select
show

 
[ Proof of concept ]

 http://localhost/[path]/index.php?cat_select=[XSS]
 http://localhost/[path]/index.php?cat_select=[XSS]&show=[XSS]

 Example:

 http://nikyt0x.webcindario.com/1.jpg
Previous By Date Next
Previous By Thread Next

Current thread: