phpLinkat XSS Security Bug

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



.:: phpLinkat XSS Security Bug.

phpLinkat is a free Web-Based link indexing script written in PHP and 
runs on MySQL. This product is vulnerable to the Cross-Site 
Scripting vulnerability that would allow attackers to inject HTML and 
script codes into the pages and execute it on the clients browser as if 
it were provided by the site.

+ Tested on:

    - phpLinkat 0.1.0

+ Exploit:

    - showcat.php?catid=<Script>JavaScript:alert('XSS Exploit');</Script>
    - addyoursite.php?catid=<Script>JavaScript:alert('XSS 
Exploit');</Script>

+ Solution:

    - Open showcat.php
    - Add this code to line 6:

        $catid = HTMLSpecialChars($catid);
        $catid = PREG_Replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", 
$catid);

    - Open addyoursite.php
    - Add this code to line 6:

        $catid = HTMLSpecialChars($catid);
        $catid = PREG_Replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", 
$catid);

+ Links:

   - Http://www.DesClub.com
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux