phpLinkat XSS Security Bug

Sp . IC Sat, 05 Oct 2002 13:28:06 -0700


.:: phpLinkat XSS Security Bug.

phpLinkat is a free Web-Based link indexing script written in PHP and 
runs on MySQL. This product is vulnerable to the Cross-Site 
Scripting vulnerability that would allow attackers to inject HTML and 
script codes into the pages and execute it on the clients browser as if 
it were provided by the site.

+ Tested on:

    - phpLinkat 0.1.0

+ Exploit:

    - showcat.php?catid=&lt;Script&gt;JavaScript:alert('XSS Exploit');&lt;/Script&gt;
    - addyoursite.php?catid=&lt;Script&gt;JavaScript:alert('XSS 
Exploit');&lt;/Script&gt;

+ Solution:

    - Open showcat.php
    - Add this code to line 6:

        $catid = HTMLSpecialChars($catid);
        $catid = PREG_Replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", 
$catid);

    - Open addyoursite.php
    - Add this code to line 6:

        $catid = HTMLSpecialChars($catid);
        $catid = PREG_Replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", 
$catid);

+ Links:

   - Http://www.DesClub.com

phpLinkat XSS Security Bug

Reply via email to