PHP Labs proFile Dir URI Variable Cross-Site Scripting Vulnerability
BID:13276
Info
| Bugtraq ID: | 13276 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 20 2005 12:00AM |
| Updated: | Apr 20 2005 12:00AM |
| Credit: | Discovery is credited to sNKenjoi. |
| Vulnerable: | PHP Labs proFile |
| Not Vulnerable: | |
Discussion
PHP Labs proFile is prone to a cross-site scripting vulnerability. As a result, attackers may embed hostile HTML and script code in a malicious link to the affected application. If the link is followed, the code may be rendered by the victim's browser in the context of the vulnerable site.
Exploitation could allow theft of cookie-based authentication credentials or other attacks.
Exploit / POC
The following example was provided:
http://www.example.com/index.php?act=load&dir=[XSS]
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
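With no vendor patch available, one way to watch for requests that abuse the `dir` parameter is to scan web server access logs for values that fall outside a strict allow-list. The following Python script is an added example, not part of the original advisory or of proFile; the allowed character set for `dir`, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Assumption: legitimate dir values only need these characters; tune per deployment.
SAFE_DIR = re.compile(r"[A-Za-z0-9_./-]*")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_dir(log_line):
    """Return the decoded dir value when the request has the advisory's URL
    shape (index.php with act=load) and dir fails the allow-list, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/index.php"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    if "load" not in params.get("act", []):
        return None
    for raw in params.get("dir", []):  # parse_qs has already decoded once
        value = fully_decode(raw)
        if not SAFE_DIR.fullmatch(value):
            return value
    return None

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Apr/2005:10:00:00 +0000] "GET /index.php?act=load&dir=docs/2005 HTTP/1.1" 200 512',
    '192.0.2.11 - - [20/Apr/2005:10:00:05 +0000] "GET /index.php?act=load&dir=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 512',
    '192.0.2.12 - - [20/Apr/2005:10:00:09 +0000] "GET /index.php?act=load&dir=%253Cb%253E HTTP/1.1" 200 512',
    '192.0.2.13 - - [20/Apr/2005:10:00:12 +0000] "GET /index.php?act=view&dir=%3Cb%3E HTTP/1.1" 200 512',
]

def scan(lines):
    """Return (client address, decoded dir value) for every flagged request."""
    return [(ln.split()[0], hit) for ln in lines if (hit := suspicious_dir(ln)) is not None]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client} sent dir={value!r}")
```

The same allow-list can be enforced in front of the application to reject such requests until a fixed release exists.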
References
References:
- [ZH2005-10SA] XSS Vulnerabilities in proFile (sNKenjoi)
- proFile Homepage (PHP Labs)