[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities
From: Nikyt0x Argentina <nikyt0x@xxxxxxxxxxx>
Date: 24 Aug 2004 22:04:46 -0000


[Nikkyt0x Advisory]
#0000-0001

        [PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) 
Vulnerabilities]


Software: PHP Code Snippet Library 
Vendor: http://www.php-csl.com/
Date: 24/08/2004
Author: Nikyt0x [ nikyt0x@xxxxxxxxxxx ]
Site: http://nikyt0x.webcindario.com
Advisory URL: http://nikyt0x.webcindario.com/0001.txt
        Vamos Argentina !

[ Description ]

 It was designed to help PHP programmers store commonly
used code in a central repository. Code can be stored 
in categories for easy managment.
  
[ Vulnerability ]
 
 PHP Code Snippet Library not have html filters in:
 >cat_select
 >show
 
[ Proof of concept ]

 http://localhost/[path]/index.php?cat_select=[XSS]
 http://localhost/[path]/index.php?cat_select=[XSS]&show=[XSS]

 Example:

 http://nikyt0x.webcindario.com/1.jpg

Prev by Date: Microsoft updates documentation on Windows time synchronization
Next by Date: Possible Security Issues In LiveWorld Products
Previous by thread: Microsoft updates documentation on Windows time synchronization
Next by thread: Possible Security Issues In LiveWorld Products
Index(es):
- Date
- Thread