maranphp-xss.txt

2008-07-21T00:00:00
ID PACKETSTORM:68372
Type packetstorm
Reporter IRCRASH
Modified 2008-07-21T00:00:00

Description

                                        
                                            `----------------------------------------------------------------  
  
Script : Maran PHP Blog  
  
Type : XSS (Passive)  
  
Method : GET  
  
Alert : Medium  
  
----------------------------------------------------------------  
  
Discovered by : Khashayar Fereidani a.k.a. Dr.Crash  
  
My Official Website : HTTP://FEREIDANI.IR  
  
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t] com  
  
----------------------------------------------------------------  
  
Khashayar Fereidani Official Website : HTTP://FEREIDANI.IR  
  
----------------------------------------------------------------  
  
Script Download : http://www.maran.pamil-visions.com/download2.php?dir=maranphp&file=maranblog.zip  
  
----------------------------------------------------------------  
  
There is an XSS vulnerability in the id variable: comments.php writes the value of the id GET parameter into the page without escaping it.  
An attacker can execute JavaScript code, get the admin cookie, and send a new article with the admin cookie.  
  
XSS Address : http://Example/comments.php?id=%3E%3C%3E%27%3Cscript%3Ealert(document.cookie)%3C/script%3E  
  
  
----------------------------------------------------------------  
  
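Solution : Edit the source code and filter the id variable with the htmlspecialchars() function in comments.php.  
  
Line 32 : <input type='hidden' name='id' value='<?echo $_GET['id'];?>'><br>  
  
Change it to : <input type='hidden' name='id' value='<?echo htmlspecialchars($_GET['id'], ENT_QUOTES);?>'><br>  
  
ENT_QUOTES is required here because the value attribute is delimited with single quotes, and before PHP 8.1 htmlspecialchars() does not escape single quotes by default.  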
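
The following PHP script is an added example, not code from this advisory or from Maran PHP Blog. It renders the line 32 markup with the id value from the proof-of-concept URL above, once unescaped and once with each htmlspecialchars() quote flag, then parses the result to check whether the value stays inside the single-quoted attribute. The helper names render_hidden_id() and attribute_value() are hypothetical.

```php
<?php
// Added example; not code from Maran PHP Blog or from the advisory.
// render_hidden_id() and attribute_value() are hypothetical helpers.

// Value of id in the advisory's proof-of-concept URL, URL-decoded.
$id = "><>'<script>alert(document.cookie)</script>";

// Mirrors line 32 of comments.php: a single-quoted value attribute.
function render_hidden_id(string $value): string
{
    return "<input type='hidden' name='id' value='" . $value . "'><br>";
}

// Parse the markup and return what ended up in the value attribute.
function attribute_value(string $html): ?string
{
    libxml_use_internal_errors(true);   // malformed markup is expected here
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input instanceof DOMElement ? $input->getAttribute('value') : null;
}

$variants = [
    'raw echo (line 32 as shipped)' => $id,
    'htmlspecialchars, ENT_COMPAT'  => htmlspecialchars($id, ENT_COMPAT, 'UTF-8'),
    'htmlspecialchars, ENT_QUOTES'  => htmlspecialchars($id, ENT_QUOTES, 'UTF-8'),
];

foreach ($variants as $label => $encoded) {
    $html = render_hidden_id($encoded);
    // The input is contained only if the parser reads back exactly what was sent.
    $contained = attribute_value($html) === $id;
    printf("%-32s %s\n  %s\n", $label,
        $contained ? 'stays inside the attribute' : 'ends the attribute early',
        $html);
}
```

Run it with the PHP CLI; the dom extension must be enabled for DOMDocument.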
  
----------------------------------------------------------------  
  
Tnx : God  
  
HTTP://IRCRASH.COM  
  
----------------------------------------------------------------  
`