[27299] in bugtraq
phpLinkat XSS Security Bug
daemon@ATHENA.MIT.EDU (Sp.IC)
Fri Oct 4 12:28:38 2002
Date: 3 Oct 2002 20:22:44 -0000
Message-ID: <20021003202244.30430.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: "Sp.IC" <SpeedICNet@Hotmail.Com>
To: bugtraq@securityfocus.com

phpLinkat is a free web-based link indexing script written in PHP that
runs on MySQL. The product is vulnerable to cross-site scripting, which
allows attackers to inject HTML and script code into its pages and have
it execute in the client's browser as if it were provided by the site.
+ Tested on:
- phpLinkat 0.1.0
+ Exploit:
- showcat.php?catid=<Script>JavaScript:alert('XSS Exploit');</Script>
- addyoursite.php?catid=<Script>JavaScript:alert('XSS Exploit');</Script>
+ Solution:
- Open showcat.php
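- Add this code to line 22:
    $catid = htmlspecialchars($catid);
    // Require an all-digit catid; do not overwrite $catid with
    // preg_match()'s 0/1 result, or every request becomes category 1.
    if (!preg_match('/^[0-9]+\z/', $catid)) {
        print "Error";
    } else {
- Add this code to line 138:
    }} //end if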
- Open showcat.php
- Add this code to line 14:
    $catid = htmlspecialchars($catid);
    // Same check as above: the whole value must be digits.
    if (!preg_match('/^[0-9]+\z/', $catid)) {
        print "Error";
    } else {
- Add this code to line 105:
    }}
+ Links:
- Http://www.DesClub.com
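
Added example, not part of the original advisory or of phpLinkat's code: a self-contained PHP sketch of the catid check described under "Solution", comparing a pattern anchored only at the start with one anchored at both ends, plus output encoding. The function names parse_catid() and h() and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: strict validation of a numeric "catid" request parameter.
// parse_catid() and h() are hypothetical helper names, not phpLinkat functions.

/**
 * Return the category id as an int, or null when the input is not a
 * plain non-negative decimal integer.
 */
function parse_catid($raw): ?int
{
    // Reject arrays (catid[]=...) and anything that is not digits only.
    // \z anchors at the true end of the string, so "7\n" is rejected too;
    // the {1,9} bound keeps the value inside a 32-bit int.
    if (!is_string($raw) || !preg_match('/^[0-9]{1,9}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

/** Encode a value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs, including the payload shape from the advisory.
$samples = [
    '7',
    "7<Script>JavaScript:alert('XSS Exploit');</Script>",
    "<Script>JavaScript:alert('XSS Exploit');</Script>",
    "7\n",
    '',
];

foreach ($samples as $raw) {
    $catid = parse_catid($raw);
    // Pattern anchored only at the start: a leading digit is enough to pass.
    $loose = preg_match('/^[0-9]/', $raw) === 1 ? 'accept' : 'reject';
    $strict = $catid === null ? 'reject' : "accept as $catid";
    // json_encode() makes control characters visible; h() keeps the report
    // inert if this output is ever viewed in a browser.
    echo h(json_encode($raw)), "  loose: $loose  strict: $strict", PHP_EOL;
}
```

Only the first sample passes the strict check; the start-anchored pattern also accepts the second and fourth, which is why the validated integer, not the raw string, should be what reaches the query and the page.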