PHP TopSites 2.0/2.2 help.php Cross-Site Scripting Vulnerability

2003-01-15T00:00:00
ID EDB-ID:22176
Type exploitdb
Reporter Cyberarmy Application
Modified 2003-01-15T00:00:00

Description

PHP TopSites 2.0/2.2 help.php Cross Site Scripting Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/6622/info

A vulnerability has been discovered in PHP TopSites. Due to invalid sanitization of user-supplied input by the 'help.php' script, it may be possible for an attacker to steal another users cookie information or other sensitive data.

This issue can be exploited by constructing a malicious URL containing embedded script code as a 'help.php' parameter. When an unsuspecting user follows the link sensitive information, such as cookie-based authentication credentials may be obtained by the attacker.


http://somewebsitesite/TopSitesdirectory/help.php?sid=<script>alert
(document.cookie)</script>