PHProxy Error Parameter Cross-Site Scripting Vulnerability
BID:12115
Info
PHProxy Error Parameter Cross-Site Scripting Vulnerability
| Bugtraq ID: | 12115 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 27 2004 12:00AM |
| Updated: | Dec 27 2004 12:00AM |
| Credit: | Discovery is credited to Bos hcash. |
| Vulnerable: |
PHProxy PHProxy 0.3 PHProxy PHProxy 0.2 PHProxy PHProxy 0.1 |
| Not Vulnerable: | |
Discussion
PHProxy Error Parameter Cross-Site Scripting Vulnerability
PHProxy is reported prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
The problem presents itself when malicious HTML and script code is sent to the application through the 'error' parameter.
This vulnerability is reported to exist in PHProxy 0.3 and prior versions.
PHProxy is reported prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.
The problem presents itself when malicious HTML and script code is sent to the application through the 'error' parameter.
This vulnerability is reported to exist in PHProxy 0.3 and prior versions.
Exploit / POC
PHProxy Error Parameter Cross-Site Scripting Vulnerability
An exploit is not required.
An example URI sufficient to exploit this vulnerability was provided:
http://www.example.com/poxy/index.php?error=html%20code%20could%20be%20easily%20injected%20here
An exploit is not required.
An example URI sufficient to exploit this vulnerability was provided:
http://www.example.com/poxy/index.php?error=html%20code%20could%20be%20easily%20injected%20here
Solution / Fix
PHProxy Error Parameter Cross-Site Scripting Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.