Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

phpBugTracker 1.0.5 Multiple Reflected XSS Vulnerabilities

🗓️ 18 Feb 2011 00:00:00Reported by Gjoko KrsticType 
zeroscience
 zeroscience🔗 www.zeroscience.mk👁 11 Views

phpBugTracker 1.0.5 Multiple Reflected XSS Vulnerabilities in 'query.php' and 'newaccount.php' scripts, allowing arbitrary code execution in user's browser

Code
<html><body><p>phpBugTracker 1.0.5 Multiple Reflected XSS Vulnerabilities


Vendor: Benjamin Curtis
Product web page: http://phpbt.sourceforge.net/
Affected version: 1.0.5

Summary: phpBugTracker is a web-based bug tracker with functionality
similar to other issue tracking systems, such as Bugzilla. Design
focuses on separating the presentation, application, and database
layers. phpBugTracker is lightweight and easy to install, operate
and administer. Most text can be customized for your application.

Desc: phpBugTracker suffers from multiple cross-site scripting vulns.
The issue is triggered when input passed via the 'form' parameter to
the 'query.php' script is not properly sanitized before being returned
to the user. This can be exploited to execute arbitrary HTML and script
code in a user's browser session in context of an affected site.
'query.php' and 'newaccount.php' are also vulnerable because they fail
to perform filtering when using the REQUEST_URI variable.

Tested on: Microsoft Windows XP Professional SP3 (EN)
           Apache 2.2.14 (Win32)
           PHP 5.3.1
           MySQL 5.1.41

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            liquidworm gmail com


Advisory ID: ZSL-2011-4996
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4996.php


07.02.2011


-----

http://127.0.0.1/query.php?op=doquery&amp;form=1&gt;'&gt;<script>alert(1)</script>
http://127.0.0.1/query.php/&gt;'&gt;<script>alert(1)</script>
http://127.0.0.1/newaccount.php/&gt;"&gt;<script>alert(1)</script>
</p></body></html>

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
18 Feb 2011 00:00Current
5.9Medium risk
Vulners AI Score5.9
phpbugtrackercross-site scriptingvulnerabilitiesarbitrary htmlarbitrary script codebenjamin curtiszero science labgjoko krstic
11