Search | Research | Contact Us Tuesday January 17, 2022
Languages
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 Multiple Invision Power Board Vulnerabilities
  3 eBay And Amazon Still Vulnerable
  4 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  5 Woltlab Burning Board SQL Injection Vulnerability
  6 When Small Mistakes Can Cause Big Problems
  7 Multiple Vulnerabilities In phpWebsite
  8 Critical Vulnerability In Help Center Live
  9 dbPowerAmp Buffer Overflow And DoS Vulnerabilities
10 Document Object Model Hijacking Explained
Need Secure Code?
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Services Archives Research Downloads Contact
Multiple Vulnerabilities In PHP Links
January 17, 2022
Vendor : destiney.com
URL : http://phplinks.sourceforge.net/
Version : phpLinks 2.1.2
Risk : Code Injection Vulnerabilities
BID : http://www.securityfocus.com/bid/6632
: http://www.securityfocus.com/bid/6633


Description:
phpLinks is an open source free PHP script. phpLinks allows you to run a very powerful link farm or search engine. phpLinks has multilevel site categorization, infinite threaded search capabilities and more.


Search Script Injection Vulnerability:
phpLinks is prone to HTML injection due to a vulnerability in the search feature. Search queries are not sufficiently sanitized of HTML and script code. These search queries may potentially be displayed to other users when the most popular searches are viewed. If an attacker includes malicious HTML or script code in these queries, it is possible that the attacker-supplied code may be rendered in the web client software of other users.


Add Site Script Injection Vulnerability:
phpLinks does not sufficiently sanitized HTML and script code supplied via form fields before displaying this data to administrative users. This issue exists in the 'add.php' script, which is used to add sites to the phpLinks system. As a result, an attacker may cause malicious HTML and script code to be executed in the web client of an administrative user who reviews attacker-supplied data submitted when a site is added.


Solution:
http://www.securityfocus.com/bid/6632/solution/
http://www.securityfocus.com/bid/6633/solution/


Proof Of Conecpt Exploit:
phpLinks Arbitrary Command Proof Of Concept


Credits:
James Bercegay of the GulfTech Security Research Team.