phpBugTracker version 1.0.5 suffers from multiple reflective cross site scripting vulnerabilities.
e653f2dcaa267e5788cce847b1b903fcb155cef35150ac6fd4a767c3f855861d
phpBugTracker 1.0.5 Multiple Reflected XSS Vulnerabilities
Vendor: Benjamin Curtis
Product web page: http://phpbt.sourceforge.net/
Affected version: 1.0.5
Summary: phpBugTracker is a web-based bug tracker with functionality
similar to other issue tracking systems, such as Bugzilla. Design
focuses on separating the presentation, application, and database
layers. phpBugTracker is lightweight and easy to install, operate
and administer. Most text can be customized for your application.
Desc: phpBugTracker suffers from multiple cross-site scripting vulns.
The issue is triggered when input passed via the 'form' parameter to
the 'query.php' script is not properly sanitized before being returned
to the user. This can be exploited to execute arbitrary HTML and script
code in a user's browser session in context of an affected site.
'query.php' and 'newaccount.php' are also vulnerable because they fail
to perform filtering when using the REQUEST_URI variable.
Tested on: Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
liquidworm gmail com
Advisory ID: ZSL-2011-4996
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4996.php
07.02.2011
-----
http://127.0.0.1/query.php?op=doquery&form=1>'><script>alert(1)</script>
http://127.0.0.1/query.php/>'><script>alert(1)</script>
http://127.0.0.1/newaccount.php/>"><script>alert(1)</script>