SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   phpLinkat
Vendors:   DesClub.com
phpLinkat Input Validation Bug Lets Remote Users Conduct Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1005361
SecurityTracker URL:  http://securitytracker.com/id/1005361
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Oct 6 2002
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Exploit Included:  Yes  
Version(s): 0.1.0
Description:   An input validation vulnerability was reported in phpLinkat. A remote user can conduct cross-site scripting attacks against web site users.

It is reported that phpLinkat does not properly filter HTML from user-supplied input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running phpLinkat and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Some demonstration exploit URLs are provided:

showcat.php?catid=<Script>JavaScript:alert('XSS Exploit');</Script>

addyoursite.php?catid=<Script>JavaScript:alert('XSS Exploit');</Script>

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running phpLinkat, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   No solution was available at the time of this entry.

The author of the report has provided the following unofficial patch:

- Open showcat.php
- Add this code to line 6:

$catid = HTMLSpecialChars($catid);
$catid = PREG_Replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", $catid);

- Open addyoursite.php
- Add this code to line 6:

$catid = HTMLSpecialChars($catid);
$catid = PREG_Replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", $catid);

Vendor URL:  www.desclub.com/
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  phpLinkat XSS Security Bug




.:: phpLinkat XSS Security Bug.

phpLinkat is a free Web-Based link indexing script written in PHP and 
runs on MySQL. This product is vulnerable to the Cross-Site 
Scripting vulnerability that would allow attackers to inject HTML and 
script codes into the pages and execute them on the client's browser as if 
they were provided by the site.

+ Tested on:

    - phpLinkat 0.1.0

+ Exploit:

    - showcat.php?catid=<Script>JavaScript:alert('XSS Exploit');</Script>
    - addyoursite.php?catid=<Script>JavaScript:alert('XSS Exploit');</Script>

+ Solution:

    - Open showcat.php
    - Add this code to line 6:

        $catid = HTMLSpecialChars($catid);
        $catid = PREG_Replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", $catid);

    - Open addyoursite.php
    - Add this code to line 6:

        $catid = HTMLSpecialChars($catid);
        $catid = PREG_Replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", $catid);

+ Links:

   - Http://www.DesClub.com
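
An alternative to the character-stripping patch in the report, added here as an example and not taken from the report or from phpLinkat: validate catid against an allowlist (a positive integer) and HTML-encode it at output. That catid is an integer id is an assumption, since the page does not state its type; the function names and the rendered link are hypothetical.

```php
<?php
// Added example: allowlist validation plus output encoding for catid.
// Assumption: catid is a positive integer category id (not stated on the page).

/** Return catid as an int, or null when it is not a plain positive integer. */
function parse_catid($raw): ?int
{
    if (!is_string($raw)) {
        return null;                      // rejects arrays such as catid[]=1
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Encode a value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hypothetical fragment standing in for markup a page such as showcat.php prints. */
function render_category_link(?int $catid): string
{
    if ($catid === null) {
        // Invalid input is rejected outright; it is never echoed back.
        return '<p>Unknown category.</p>';
    }
    return '<a href="addyoursite.php?catid=' . h((string) $catid) . '">Add your site</a>';
}

// Constructed sample inputs: the demonstration payload from the report,
// followed by benign and malformed values.
$samples = [
    "<Script>JavaScript:alert('XSS Exploit');</Script>",
    '12',
    '12abc',
    '-3',
    '',
];

foreach ($samples as $raw) {
    printf("%-54s => %s\n", var_export($raw, true), render_category_link(parse_catid($raw)));
}
```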

 
 



Copyright 2019, SecurityGlobal.net LLC