7 lines
No EOL
646 B
Text
Executable file
7 lines
No EOL
646 B
Text
Executable file
source: http://www.securityfocus.com/bid/5945/info
|
|
|
|
phpRank is a freely available web site link sharing script. It is available for Unix, Linux, and Microsoft operating systems.
|
|
|
|
It has been reported that phpRank is vulnerable to cross-site scripting attacks. Under some circumstances, it is possible to force the rendering of arbitrary HTML and script code through the add.php portion of the phpRank package. This could allow the execution of potentially malicious script and HTML in the security context of a vulnerable site.
|
|
|
|
http://example.com/phprank/add.php?page=add&spass=1&name=2&siteurl=3&email=%3Cscript%3Ealert(42)%3C/script%3E |