BugTraq
PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities Aug 24 2004 10:04PM
Nikyt0x Argentina (nikyt0x hotmail com)


[Nikkyt0x Advisory]

#0000-0001

[PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities]

Software: PHP Code Snippet Library

Vendor: http://www.php-csl.com/

Date: 24/08/2004

Author: Nikyt0x [ nikyt0x (at) hotmail (dot) com ]

Site: http://nikyt0x.webcindario.com

Advisory URL: http://nikyt0x.webcindario.com/0001.txt

Go Argentina!

[ Description ]

It was designed to help PHP programmers store commonly used code in a central repository. Code can be stored in categories for easy management.

[ Vulnerability ]

PHP Code Snippet Library does not filter HTML in the following parameters:

>cat_select

>show

[ Proof of concept ]

http://localhost/[path]/index.php?cat_select=[XSS]

http://localhost/[path]/index.php?cat_select=[XSS]&show=[XSS]

Example:

http://nikyt0x.webcindario.com/1.jpg
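
Added example (not part of the original advisory and not the project's own code): the missing HTML filtering for the two parameters named above, shown as a vulnerable output pattern beside a validated and encoded one. It assumes cat_select is a numeric category id and show is one of a fixed set of view names; the helpers h, parse_category and parse_show are hypothetical.

```php
<?php
// Hypothetical handling of the two parameters named in the advisory.
// The application's real code is not shown on this page.

// Encode a value for an HTML text node or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumption: cat_select is a numeric category id. Anything else,
// including an array from cat_select[]=..., is rejected.
function parse_category($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    return (int) $raw;
}

// Assumption: show takes one of a few fixed view names (allowlist).
function parse_show($raw, array $allowed = ['list', 'detail']): string
{
    return in_array($raw, $allowed, true) ? $raw : $allowed[0];
}

// Constructed sample input standing in for $_GET; harmless markup only.
$query = ['cat_select' => '"><b>test</b>', 'show' => '<i>x</i>'];

$cat  = parse_category($query['cat_select'] ?? null);
$show = parse_show($query['show'] ?? null);

// Before (vulnerable pattern): raw request value written into the page.
$before = '<input name="cat_select" value="' . $query['cat_select'] . '">';

// After: validated value, still encoded at the point of output.
$after = '<input name="cat_select" value="' . h((string) ($cat ?? '')) . '">'
       . '<p>View: ' . h($show) . '</p>';

echo "before: $before\n";
echo "after:  $after\n";
// Free text that must be displayed is encoded rather than stripped.
echo 'echoed: ' . h($query['cat_select']) . "\n";
```

Validation narrows what the parameters may contain; the encoding at output is what keeps any remaining value from being interpreted as markup.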
