PHPRank 1.8 Add.PHP Cross-Site Scripting Vulnerability

2014-07-01T00:00:00
ID SSV:75748
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/5945/info

phpRank is a freely available web site link sharing script. It is available for Unix, Linux, and Microsoft operating systems.

It has been reported that phpRank is vulnerable to cross-site scripting attacks. Under some circumstances, it is possible to force the rendering of arbitrary HTML and script code through the add.php portion of the phpRank package. This could allow the execution of potentially malicious script and HTML in the security context of a vulnerable site. 

http://example.com/phprank/add.php?page=add&spass=1&name=2&siteurl=3&email=%3Cscript%3Ealert(42)%3C/script%3E