Risks
Vulnerabilities
Browse by
PHP Code Snippet Library Cross Site Scripting Vulnerability
25 August 2004
Bookmark and Share
From: Nikyt0x Argentina <nikyt0x(At)hotmail.com>

[Nikkyt0x Advisory]
#0000-0001

[PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities]

Software: PHP Code Snippet Library
Vendor: http://www.php-csl.com/
Date: 24/08/2004
Author: Nikyt0x [ nikyt0x@hotmail.com ]
Site: http://nikyt0x.webcindario.com
Advisory URL: http://nikyt0x.webcindario.com/0001.txt
Vamos Argentina !

[ Description ]

It was designed to help PHP programmers store commonly used code in a central repository. Code can be stored in categories for easy managment.

[ Vulnerability ]

PHP Code Snippet Library not have html filters in:
>cat_select
>show

[ Proof of concept ]

http://localhost/[path]/index.php?cat_select=[XSS]
http://localhost/[path]/index.php?cat_select=[XSS]&show=[XSS]

Example:

http://nikyt0x.webcindario.com/1.jpg


Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //