Topic: Multiple vulnerabilities

I notified the developer.

Phpclassifieds 7.5 is vulnerable to XSS attacks on member_login.php (username and password), search.php (xajax, searchword, do_search, catid_search, reset, catid, order, way) and user_info.php (id).

Cross Site Scripting in URI in choose_cat.php

Example: http://target/choose_cat.php/%3E%20%3E%20ScRiPt%3EALERT#9184276303360409151

Have you resolved this problem for the next release?

I am waiting for a reply.

Cordially


Re: Multiple vulnerabilities

Mm, I'm interested in fixing that bug, but I need some help...

Who wants to follow me?

clonick

Re: Multiple vulnerabilities

I have contacted the developer (no reply for the moment). I am not a developer.
Very hard for me to resolve; I have tried.

I know to add htmlspecialchars or htmlentities with GET and POST.

Last edited by istreen (2008-10-18 11:13:39)


Re: Multiple vulnerabilities

Will something like this help?

if ($_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"] != $_SERVER["HTTP_HOST"] . '/choose_cat.php')
{
    header("Location: http://" . $_SERVER["HTTP_HOST"] . "/choose_cat.php");
    exit;
}

and on item.php a simple function like

function remove_haakje($str) {
    $str = str_replace(">", "", $str);
    $str = str_replace("<", "", $str);
    return $str;
}

$lTitle = getParam("ad_title", "");
$lTitle = remove_haakje($lTitle);

etc

so they cannot mess up your HTML output

Last edited by fonsie (2008-10-16 00:30:06)


Re: Multiple vulnerabilities

The developer must resolve this problem.

Have you fixed these vulnerabilities on your website with this modification?


Re: Multiple vulnerabilities

The developer has not replied to my alert email.

Can somebody resolve this?

High risk for the user


Re: Multiple vulnerabilities

Can you describe exactly where the problems are?

for:

Cross Site Scripting in URI in choose_cat.php

Example: http://target/choose_cat.php/%3E%20%3E%20ScRiPt%3EALERT#9184276303360409151

I gave you a simple fix

Do you have examples of the XSS attacks???

As far as I know, all input to the database goes through the input filter, which will get rid of any problem tags


Re: Multiple vulnerabilities

No solution from the developer (ignoring mail, maybe)


Re: Multiple vulnerabilities

Hi, can you please indicate where you found the reporting of such errors, or provide more information on these, to be able to analyze and correct them?
links.php needs to sanitize the variable "order".
xajax is vulnerable to XSS attacks; it needs to be changed to a new version.

Last edited by aries (2008-10-21 18:39:40)


Re: Multiple vulnerabilities

It's my job to work on vulnerabilities in web applications


Re: Multiple vulnerabilities

Are, please check this item.


Re: Multiple vulnerabilities

Dude, I think you are wrong; there are no XSS vulnerabilities in version 7.5. All XSS bugs are fixed in this version, but in the old version there were lots of XSS bugs. Now everything is OK. Can you give an example on a site?


Re: Multiple vulnerabilities

1.- Version 0.2.4 of xajax, which comes with phpclassifieds v7.5, is susceptible to XSS (http://xajaxproject.org/wiki/0.2.5_Release_Notes)

It is necessary to use the new version 0.5

2.- It is necessary to sanitize the variable "Order" so that it only receives correct text, because it could receive http://atack_file or SQL injection

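The two fixes discussed in this thread (encoding GET/POST values with htmlspecialchars when they are printed, and restricting "order" to known values), shown as an added example that is not part of any post and is not phpclassifieds code. The helper names, the column names and the sample request are assumptions; the form line assumes the page prints its own request path.

```php
<?php
// Added example: hypothetical helpers, not phpclassifieds code.

// Encode a value for HTML text or a quoted attribute. ENT_QUOTES also encodes
// ' and ", which stripping only < and > leaves untouched.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Allow-lists for the sort parameters. Column names are assumptions; replace
// them with the real columns of the ad table.
const ORDER_COLUMNS = ['title' => 'ad_title', 'date' => 'ad_date', 'price' => 'ad_price'];
const ORDER_WAYS    = ['asc' => 'ASC', 'desc' => 'DESC'];

// Map user input to a listed value; arrays (order[]=x) and unknown keys fall
// back to the default and are never passed through.
function pick(array $allowed, $input, string $default): string
{
    $key = is_string($input) ? strtolower($input) : '';
    return $allowed[$key] ?? $allowed[$default];
}

// Build the ORDER BY clause only from allow-listed fragments.
function order_clause(array $query): string
{
    $column = pick(ORDER_COLUMNS, $query['order'] ?? null, 'date');
    $way    = pick(ORDER_WAYS, $query['way'] ?? null, 'desc');
    return "ORDER BY $column $way";
}

// Constructed sample request values (stand-in for $_GET).
$query = [
    'searchword' => 'bike "26 inch" <new>',
    'order'      => 'http://example.invalid/file',
    'way'        => 'DESC',
];

// The search word is printed back into an attribute: encode at output time.
echo '<input name="searchword" value="' . e($query['searchword'] ?? '') . '">', "\n";

// SCRIPT_NAME excludes the extra path segment that follows the script name,
// unlike PHP_SELF and REQUEST_URI, so the form target never echoes it.
echo '<form action="' . e($_SERVER['SCRIPT_NAME'] ?? '/search.php') . '">', "\n";

// The unlisted "order" value is replaced by the default column.
echo order_clause($query), "\n";
```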

Re: Multiple vulnerabilities

My discovery is true
