7 lines
No EOL
645 B
Text
7 lines
No EOL
645 B
Text
source: http://www.securityfocus.com/bid/5945/info
|
|
|
|
phpRank is a freely available web site link sharing script. It is available for Unix, Linux, and Microsoft operating systems.
|
|
|
|
It has been reported that phpRank is vulnerable to cross-site scripting attacks. Under some circumstances, it is possible to force the rendering of arbitrary HTML and script code through the add.php portion of the phpRank package. This could allow the execution of potentially malicious script and HTML in the security context of a vulnerable site.
|
|
|
|
http://example.com/phprank/add.php?page=add&spass=1&name=2&siteurl=3&email=%3Cscript%3Ealert(42)%3C/script%3E |