PHPRank 1.8 - 'add.php' Cross-Site Scripting

EDB-ID:

21933




Platform:

PHP

Date:

2002-10-10


source: https://www.securityfocus.com/bid/5945/info

phpRank is a freely available web site link sharing script. It is available for Unix, Linux, and Microsoft operating systems.

It has been reported that phpRank is vulnerable to cross-site scripting attacks. Under some circumstances, it is possible to force the rendering of arbitrary HTML and script code through the add.php portion of the phpRank package. This could allow the execution of potentially malicious script and HTML in the security context of a vulnerable site. 

http://example.com/phprank/add.php?page=add&spass=1&name=2&siteurl=3&email=%3Cscript%3Ealert(42)%3C/script%3E