PHPcksec 0.2 - PHPcksec.php Cross-Site Scripting

2008-12-17T00:00:00
ID EXPLOITPACK:49D9B7134DF237085007A14A11A3A731
Type exploitpack
Reporter ahmadbady
Modified 2008-12-17T00:00:00

Description

PHPcksec 0.2 - PHPcksec.php Cross-Site Scripting

                                        
                                            source: https://www.securityfocus.com/bid/32890/info

The 'phpcksec' script is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

This issue affects phpcksec 0.2.0; other versions may also be affected.


http://www.example.com/path/phpcksec.php?path=>\'><ScRiPt >alert(0);</ScRiPt>