header-logo
Suggest Exploit
vendor:
PHP TopSites
by:
SecurityFocus
8.8
CVSS
HIGH
PHP TopSites Cookie Theft
79
CWE
Product Name: PHP TopSites
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

PHP TopSites Cookie Theft

PHP TopSites is vulnerable to cookie theft due to invalid sanitization of user-supplied input by the 'help.php' script. An attacker can construct a malicious URL containing embedded script code as a 'help.php' parameter. When an unsuspecting user follows the link, sensitive information, such as cookie-based authentication credentials may be obtained by the attacker.

Mitigation:

Upgrade to the latest version of PHP TopSites.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6622/info

A vulnerability has been discovered in PHP TopSites. Due to invalid sanitization of user-supplied input by the 'help.php' script, it may be possible for an attacker to steal another users cookie information or other sensitive data.

This issue can be exploited by constructing a malicious URL containing embedded script code as a 'help.php' parameter. When an unsuspecting user follows the link sensitive information, such as cookie-based authentication credentials may be obtained by the attacker.


http://somewebsitesite/TopSitesdirectory/help.php?sid=<script>alert
(document.cookie)</script>

Navigation

Suggest Exploit

Services By CQR