Vendor: PhpLinkExchange
By: Stink'
CVSS: 5.5 (MEDIUM)
Type: XSS/Upload
CWE: 79
Product Name: PhpLinkExchange
Affected Version From: PhpLinkExchange v1.02
Affected Version To: PhpLinkExchange v1.02
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2009

PhpLinkExchange v1.02 – XSS/Upload Vulnerability

PhpLinkExchange v1.02 is vulnerable to XSS through a URL parameter and a form field, and it has an upload vulnerability that can be used to upload a shell.

Mitigation:

Apply proper input validation and output encoding to prevent XSS attacks. Fix the upload vulnerability by implementing file type validation and proper file upload handling.
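
As an added example (not code from PhpLinkExchange or from the advisory), the PHP below shows one way to apply these mitigations to the three inputs this entry names: the catid parameter, the tell-a-friend email field, and the image upload. All function names, the storage directory argument and the 2 MiB size limit are assumptions.

```php
<?php
declare(strict_types=1);
// Hypothetical helpers; none of this is PhpLinkExchange's own code.

// catid selects a category, so only a positive integer is acceptable.
function parse_catid($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Check the format of the tell-a-friend email on input ...
function parse_email(string $raw): ?string
{
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// ... and encode every user-supplied value when it is echoed into HTML.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept an image upload: the type is taken from the file bytes, the
// extension and filename are chosen by the server, never by the client.
function store_image(array $file, string $storeDir): ?string
{
    $allowed = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])
        || $file['size'] > 2 * 1024 * 1024) {   // assumed limit: 2 MiB
        return null;
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset($allowed[$mime])
        || getimagesize($file['tmp_name']) === false) {
        return null;                            // not a PNG, JPEG or GIF image
    }
    // A random name with a fixed extension means an uploaded ".php" name is never kept.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    return move_uploaded_file($file['tmp_name'], $storeDir . '/' . $name) ? $name : null;
}
```

Keeping the storage directory outside the web root, or configuring the web server not to execute scripts in it, means a file that slips past validation is still served only as data.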

Exploit-DB raw data:

#############################
PhpLinkExchange v1.02 - XSS/Upload Vulnerability
Discovered by : Stink'
Date : 2009-12-16
Dork : "PhpLinkExchange v1.02"
Website Publisher : http://www.idevspot.com/PhpLinkExchange.php
#############################

-- [XSS in URL] --
http://server/links/PhpLinkExchange/index.php?page=home&catid=[XSS]

-- [XSS in form] --
http://server/links/PhpLinkExchange/index.php?page=tellafriend
The XSS is in "Your Email Adress"

-- [Upload Vulnerability] --
http://server/links/library/add_images.php
After your shell is uploaded, go here:
http://server/links/appimage/ and search your shell :)