PHP Labs - '.proFile' File URI Cross-Site Scripting

EDB-ID:

25473


Author:

sNKenjoi

Type:

webapps


Platform:

PHP

Date:

2005-04-20


source: https://www.securityfocus.com/bid/13282/info

PHP Labs proFile is prone to a cross-site scripting vulnerability. As a result, attackers may embed hostile HTML and script code in a malicious link to the affected application. If the link is followed, the code may be rendered by the victim's browser in the context of the vulnerable site.

Exploitation could allow theft of cookie-based authentication credentials or other attacks. 

http://www.example.com/index.php?act=delete&dir=&file=[XSS]
http://www.example.com/index.php?act=copy&dir=&file=[XSS]
http://www.example.com/index.php?act=rename&dir=&file=[XSS]