Cross-site scripting vulnerability in PHP Banner Exchange

vendor:

PHP Banner Exchange

by:

Unknown

5.5

CVSS

MEDIUM

Cross-site scripting (XSS)

CWE

Product Name: PHP Banner Exchange

Affected Version From: PHP Banner Exchange 1.2

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Unknown

Unknown

Cross-site scripting vulnerability in PHP Banner Exchange

The PHP Banner Exchange application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a targeted user, potentially stealing authentication credentials and launching further attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques. Developers should ensure that user-supplied input is properly encoded or filtered to prevent the execution of arbitrary script code.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/40165/info

PHP Banner Exchange is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

PHP Banner Exchange 1.2 is vulnerable; other versions may also be affected. 

http://www.example.com/signupconfirm.php?name=indoushkax&login=hacked&pass=exploit&email=indoushka%40hotmail%2E.com&url=http%3A%2F%2F&bannerurl=<script>alert(213771818860)</script>&submit=%C7%D6%DB%D8%20%E3%D1%C9%20%E6%C7%CD%CF%C9%20%E1%E1%C7%D4%CA%D1%C7%DF