Secunia.com:
PHPChain Two Cross-Site Scripting Vulnerabilities
May 04, 2007 @ 11:28:00

Secunia.com has posted a PHP-related issue that users of the PHPChain application should look into:

r0t has discovered some vulnerabilities in PHPChain, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "catid" parameter in settings.php (when "action" is set to "edit") and cat.php is not properly sanitised before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

If a user is logged in and the exploit is in place, the attacker could gain access to the application and to that user's information. The recommended fix is to correct the source code so that incoming input is correctly sanitized.
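
One way to apply the recommended fix, shown as an added example that is not PHPChain's code and not part of the advisory. It assumes "catid" is a numeric category id and PHP 8; the function names and the form markup are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not PHPChain source. Function names and markup are hypothetical.

/**
 * Accept "catid" only if it is a positive decimal integer
 * (assumption: category ids are numeric). Returns null otherwise.
 */
function parse_catid(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // missing value, or an array such as catid[]=7
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Encode a value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render the form field that returns catid to the browser. */
function render_catid_field(mixed $raw): string
{
    $id = parse_catid($raw);
    if ($id === null) {
        // Never reflect the rejected value; report the error generically.
        return '<p class="error">Invalid category.</p>';
    }
    // The value is already an integer; encoding it anyway keeps the
    // output safe if the validation rule is ever loosened.
    return '<input type="hidden" name="catid" value="' . h((string) $id) . '">';
}

// Constructed sample inputs standing in for $_GET['catid'].
$samples = ['7', '0', 'abc', '7"><b>x</b>', ['7']];
foreach ($samples as $raw) {
    echo render_catid_field($raw), PHP_EOL;
}
```

The same two steps, validate on input and encode on output, apply to both places the advisory names: settings.php with "action" set to "edit", and cat.php.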

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework