[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    PHP Code Snippet Library Multiple Cross-Site Scripting (XSS)
From:       Nikyt0x Argentina <nikyt0x () hotmail ! com>
Date:       2004-08-24 22:04:46
Message-ID: 20040824220446.28448.qmail () www ! securityfocus ! com
[Download RAW message or body]



[Nikkyt0x Advisory]
#0000-0001

	[PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities]


Software: PHP Code Snippet Library 
Vendor: http://www.php-csl.com/
Date: 24/08/2004
Author: Nikyt0x [ nikyt0x@hotmail.com ]
Site: http://nikyt0x.webcindario.com
Advisory URL: http://nikyt0x.webcindario.com/0001.txt
	Vamos Argentina !

[ Description ]

 It was designed to help PHP programmers store commonly
used code in a central repository. Code can be stored 
in categories for easy managment.
  
[ Vulnerability ]
 
 PHP Code Snippet Library not have html filters in:
 >cat_select
 >show
 
[ Proof of concept ]

 http://localhost/[path]/index.php?cat_select=[XSS]
 http://localhost/[path]/index.php?cat_select=[XSS]&show=[XSS]

 Example:

 http://nikyt0x.webcindario.com/1.jpg



[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic