• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PHPRank Banner Script Code Injection Vulnerability

phpRank is a freely available web site link sharing script. It is available for Unix, Linux, and Microsoft operating systems.

It has been reported that phpRank does not properly filter some forms of input. When a user submits a site to the banner list, it is possible for the user to insert arbitrary HTML or script code in the banner URL. This could allow a remote user to execute arbitrary code in the browser of clients visiting the site.