Exploit PHP TopSites 2.0/2.2 - 'help.php' Cross-Site Scripting

[Exploiter]

EDB-ID

22176

Проверка EDB

1. Пройдено

Автор

CYBERARMY APPLICATION

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

N/A

Дата публикации

2003-01-15

source: https://www.securityfocus.com/bid/6622/info

A vulnerability has been discovered in PHP TopSites. Due to invalid sanitization of user-supplied input by the 'help.php' script, it may be possible for an attacker to steal another users cookie information or other sensitive data.

This issue can be exploited by constructing a malicious URL containing embedded script code as a 'help.php' parameter. When an unsuspecting user follows the link sensitive information, such as cookie-based authentication credentials may be obtained by the attacker.


http://somewebsitesite/TopSitesdirectory/help.php?sid=<script>alert
(document.cookie)</script>