<<< Date Index >>>     <<< Thread Index >>>

PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities




[Nikkyt0x Advisory]
#0000-0001

        [PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) 
Vulnerabilities]


Software: PHP Code Snippet Library 
Vendor: http://www.php-csl.com/
Date: 24/08/2004
Author: Nikyt0x [ nikyt0x@xxxxxxxxxxx ]
Site: http://nikyt0x.webcindario.com
Advisory URL: http://nikyt0x.webcindario.com/0001.txt
        Vamos Argentina !

[ Description ]

 It was designed to help PHP programmers store commonly
used code in a central repository. Code can be stored 
in categories for easy managment.
  
[ Vulnerability ]
 
 PHP Code Snippet Library not have html filters in:
 >cat_select
 >show
 
[ Proof of concept ]

 http://localhost/[path]/index.php?cat_select=[XSS]
 http://localhost/[path]/index.php?cat_select=[XSS]&show=[XSS]

 Example:

 http://nikyt0x.webcindario.com/1.jpg