Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

phpLinkat XSS Security Bug

From: Sp.IC <SpeedICNet () Hotmail Com>
Date: 4 Oct 2002 17:28:10 -0000


.:: phpLinkat XSS Security Bug.

phpLinkat is a free Web-Based link indexing script written in PHP and 
runs on MySQL. This product is vulnerable to the Cross-Site 
Scripting vulnerability that would allow attackers to inject HTML and 
script codes into the pages and execute it on the clients browser as if 
it were provided by the site.

+ Tested on:

    - phpLinkat 0.1.0

+ Exploit:

    - showcat.php?catid=&lt;Script&gt;JavaScript:alert('XSS Exploit');&lt;/Script&gt;
    - addyoursite.php?catid=&lt;Script&gt;JavaScript:alert('XSS 
Exploit');&lt;/Script&gt;

+ Solution:

    - Open showcat.php
    - Add this code to line 6:

        $catid = HTMLSpecialChars($catid);
        $catid = PREG_Replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", 
$catid);

    - Open addyoursite.php
    - Add this code to line 6:

        $catid = HTMLSpecialChars($catid);
        $catid = PREG_Replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", 
$catid);

+ Links:

   - Http://www.DesClub.com
Previous By Date Next
Previous By Thread Next

Current thread: