Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

phplinkdirectory_070121.txt

🗓️ 24 Jan 2007 00:00:00Reported by Jussi VuokkoType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 29 Views

PHP Link Directory XSS vulnerability in admin interface allowing Cross Site Scripting attacks against link directory admin. Vendor has released updated version

Code
` Smilehouse Oy  
-= Security Advisory =-  
  
  
Advisory: PHP Link Directory XSS Vulnerability  
Release Date: 2007/01/21  
Last Modified: 2007/01/21  
Authors: Jussi Vuokko, CISSP [[email protected]]  
Henri Lindberg, Associate of (ISC)² [[email protected]]  
  
Application: PHP Link Directory <= 3.0.6  
Severity: XSS vulnerability within the administration  
interface allow Cross Site Scripting attacks against  
the link directory admin  
Risk: Critical  
Vendor Status: Vendor has released an updated version  
References: http://www.smilehouse.com/advisory/phplinkdirectory_070121.txt  
  
  
Overview:  
  
Quote from http://www.phplinkdirectory.com  
"phpLD is now the most widely used directory script on the  
internet. Our customers having tested the script on over 10,000  
websites has allowed us to bring you a script that works in  
virtually all PHP hosting environments. Put simply, it just  
works."  
  
During an quick audit of PHP Link Directory it was discovered that  
XSS vulnerability exist in the administration area. Thus, it is  
possible for an attacker, tricking an admin, to validate submitted  
link, and to perform any administrative actions in the link  
directory. These include e.g. posting entries or adding additional  
admin users.  
  
  
Details:  
  
PHP Link Directory failed to sanitize user input correctly on the  
administration page. User can submit link (URL) containing  
javascript which will be executed on the administration page after  
selecting "Validate links" -> "Start". This is due to the URL being  
saved without HTML encoding.  
  
  
Proof of Concept:  
  
Example of an URL:  
  
http://www.example.com/index.html"><script>;alert('url');</script>  
  
As "Validate links" -> "Start" is selected on the administration  
page the javascript alert will pop up.  
  
  
Workaround  
  
Update to PHP Link Directory > 3.0.6.  
  
  
Disclosure Timeline:  
  
30. October 2006 - Contacted PHP Link Directory developers by email  
1. December 2006 - Vender released an updated version  
21. January 2007 - Advisory was released  
  
  
Copyright 2007 Smilehouse Oy. All rights reserved.  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
24 Jan 2007 00:00Current
7.4High risk
Vulners AI Score7.4
php link directoryxss vulnerabilitycross site scriptingadmin interfaceupdated version
29