[27317] in bugtraq


phpLinkat XSS Security Bug

daemon@ATHENA.MIT.EDU (Sp.IC)
Sat Oct 5 17:06:29 2002

Date: 4 Oct 2002 17:28:10 -0000
Message-ID: <20021004172810.2451.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: "Sp.IC" <SpeedICNet@Hotmail.Com>
To: bugtraq@securityfocus.com



.:: phpLinkat XSS Security Bug.

phpLinkat is a free web-based link indexing script written in PHP that
runs on MySQL. This product is vulnerable to cross-site scripting,
which allows attackers to inject HTML and script code into its pages
and have it executed in the client's browser as if it were provided by
the site.

+ Tested on:

    - phpLinkat 0.1.0

+ Exploit:

    - showcat.php?catid=<Script>JavaScript:alert('XSS Exploit');</Script>
    - addyoursite.php?catid=<Script>JavaScript:alert('XSS Exploit');</Script>

+ Solution:

    - Open showcat.php
    - Add this code to line 6:

        $catid = HTMLSpecialChars($catid);
        $catid = PREG_Replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", $catid);

    - Open addyoursite.php
    - Add this code to line 6:

        $catid = HTMLSpecialChars($catid);
        $catid = PREG_Replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", $catid);

+ Links:

   - Http://www.DesClub.com
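
An allowlist alternative to the character-stripping fix above, as an added example that is not part of the original post and is not phpLinkat code. It assumes catid is a numeric category key (the posted regex removes every letter, so only digits and a few symbols survive); parse_catid(), h() and render_category() are hypothetical names, and the sample requests are constructed.

```php
<?php
// Allowlist validation: accept 1 to 9 decimal digits with no leading zero,
// so the value always fits a 32-bit int. Anything else (markup, arrays,
// a trailing newline, a missing parameter) is rejected instead of "cleaned".
function parse_catid($raw): ?int
{
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// Output encoding for every value echoed into HTML. ENT_QUOTES also encodes
// the single quote, which htmlspecialchars() left alone by default in old PHP.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical stand-in for the part of showcat.php / addyoursite.php that
// echoes catid back into the page. Reads the parameter from the request
// array explicitly instead of relying on register_globals.
function render_category(array $query): string
{
    $catid = parse_catid($query['catid'] ?? null);
    if ($catid === null) {
        return '<p>Invalid category.</p>';
    }
    return '<p>Category ' . h((string) $catid) . '</p>';
}

// Constructed sample requests: one valid id, the payload from the advisory,
// an array-typed parameter, a trailing newline, and a missing parameter.
$samples = [
    ['catid' => '12'],
    ['catid' => "<Script>JavaScript:alert('XSS Exploit');</Script>"],
    ['catid' => ['12']],
    ['catid' => "12\n"],
    [],
];

foreach ($samples as $query) {
    echo render_category($query), PHP_EOL;
}
```

Only the first sample renders a category; the other four produce the "Invalid category." response.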
