PHPDeveloper: PHP News, Views and Community

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: TEKSystems (Recruiter) Seeks PHP Web Application Developers (Tampa, FL)

Job Posting: Quinstreet, Inc. Seeks Sr. PHP Developer (Foster City, CA)

Job Posting: WideEye Interactive/Moroch Advertising Seeks Web Developer (Dallas, TX)

Job Posting: Project People Ltd (Recruiter) Seeks PHP Developer (Paris, France)

Job Posting: Snelling (Recruiter) Seeks Web Programmer (Boston, MA)

Job Posting: Veedow Seeks Senior PHP Developer/Architect (London, UK)

Job Posting: Apex Systems (Recruiter) Seeks PHP Web Developers (Tampa, FL)

Job Posting: WordStream Seeks Web Application Developer (Needham, MA)

Job Posting: JS Creative Seeks Web Developer (Atlanta, GA)

Job Posting: Kodak Graphic Communications Group Seeks PHP Application Developer (Stamford, CT)

News Archive

Community News: Latest PECL Releases for 12.02.2008

Till's Blog: ZendFramework (performance) II

Sebastian Bergmann's Blog: Freezing and Thawing PHP Objects

Jani Hartikainen's Blog: NetBeans 6.5 review (with PHP support)

Rob Allen's Blog: File uploads with Zend_Form_Element_File

PHPro.org: Calculate Friday The 13th With Datetime Class

Marco Tabini's Blog: It turns out, I was wrong

Community News: Latest PEAR Releases for 12.01.2008

Site News: Job Postings for the week of 11.23.2008

KillerPHP.com: Creating a Wordpress Theme from Scratch (Video)

feed this:

Secunia.com:
PHPChain Two Cross-Site Scripting Vulnerabilities

by Chris Cornutt May 04, 2007 @ 11:28:00

Secunia.com has posted a PHP-related issue that users of the PHPChain application should look into:

r0t has discovered some vulnerabilities in PHPChain, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "catid" parameter in settings.php (when "action" is set to "edit") and cat.php is not properly sanitised before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

If a user is logged in and the exploit is in place, the attacker could gain access to the application and gain access to a user's information. The recommended fix is to correct the source code so that the information coming in is correctly sanitized.

0 comments voice your opinion now!
secunia vulnerability xss crosssitescripting phpchain secunia vulnerability xss crosssitescripting phpchain

Community Events

Don't see your event here?
Let us know!

All content copyright, 2008 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework