phpLinkat XSS Security Bug

2002-10-04T00:00:00
ID SECURITYVULNS:DOC:3588
Type securityvulns
Reporter Securityvulns
Modified 2002-10-04T00:00:00

Description

phpLinkat is a free Web-Based link indexing script written in PHP and runs on MySQL.This product is server is vulnerable to the Cross-Site Scripting vulnerability would allow attackers to inject HTML and script codes into the pages and execute it on the clients browser as if it were provided by the site.

  • Tested on:

    • phpLinkat 0.1.0
  • Exploit:

    • showcat.php?catid=<Script>JavaScript:alert('XSS Exploit');</Script>
    • addyoursite.php?catid=<Script>JavaScript:alert('XSS Exploit');</Script>
  • Solution:

    • Open showcat.php
    • Add this code to line 22:

    $catid = HTMLSpecialChars($catid); $catid = PREG_Match("/^[0-9]/", $catid);

    If (!$catid){

     Print "Error";
    

    }Else{

    • Add this code to line 138:

    }} //end if

    • Open showcat.php
    • Add this code to line 14:

    $catid = HTMLSpecialChars($catid); $catid = PREG_Match("/^[0-9]/", $catid);

    If (!$catid){

     Print "Error";
    

    }Else{

    • Add this code to line 105:

    }}

  • Links:

  • Http://www.DesClub.com