PHP TopSites 2.0/2.2 help.php Cross-Site Scripting Vulnerability

ID EDB-ID:22176
Type exploitdb
Reporter Cyberarmy Application
Modified 2003-01-15T00:00:00


PHP TopSites 2.0/2.2 help.php Cross Site Scripting Vulnerability. Webapps exploit for php platform


A vulnerability has been discovered in PHP TopSites. Due to invalid sanitization of user-supplied input by the 'help.php' script, it may be possible for an attacker to steal another users cookie information or other sensitive data.

This issue can be exploited by constructing a malicious URL containing embedded script code as a 'help.php' parameter. When an unsuspecting user follows the link sensitive information, such as cookie-based authentication credentials may be obtained by the attacker.