header-logo
Suggest Exploit
vendor:
PHP TopSites
by:
7.5
CVSS
HIGH
Cross-Site Scripting (XSS), SQL Injection
79, 89
CWE
Product Name: PHP TopSites
Affected Version From: 2.1
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

PHP TopSites Cross-Site Scripting and SQL Injection Vulnerabilities

The PHP TopSites application is vulnerable to a cross-site scripting (XSS) and SQL injection vulnerability. The application does not properly sanitize user-supplied data, allowing an attacker to execute arbitrary script code in the context of the affected site. This can lead to various attacks such as stealing authentication credentials, compromising the application, accessing or modifying data, and exploiting vulnerabilities in the underlying database.

Mitigation:

To mitigate these vulnerabilities, it is recommended to sanitize user-supplied data before using it in SQL queries or displaying it on web pages. The application should also implement proper input validation and output encoding to prevent cross-site scripting attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/45389/info

PHP TopSites is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PHP TopSites 2.1 is vulnerable; other versions may also be affected. 

The following example URIs are available:

http://www.example.com/topsites/rate.php?site=-999.9%27%20UNION%20ALL%20SELECT%20%28SELECT%20concat%280x7e,group_concat%28top_user.email,0x7e,top_user.password%29,0x7e%29%20FROM%20%60topfunsites_com_-_topsites%60.top_user%29%20,null%20and%20%27x%27=%27x

http://www.example.com/topsites/rate.php?site="'><script>alert('xss')</script>