URL and Title XSS in AxsLinks
- Last Update
- n/a n/a
- Risk Level
- Cross Site Scripting
- Unpatched. Vendor notified. No reply from developer(s)
- AXScripts (http://www.axscripts.com/)
- Vulnerable Software
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Cross Site Scripting was found in the AxsLinks script.
1. XSS in URL recip link.
The user-defined variable $_POST['url'] is not sanitized before being used in HTML code. This can be used to post arbitrary script or any other malicious code.
2. XSS in Link Title.
The variable $_POST['title'] is not properly sanitized before being used in HTML code.
1. Exploit code for XSS in URL recip link.
URL recip link: http://valid link/"<XSS>
2. Exploit code for XSS in Link Title.
Link Title: <XSS>
This script calls sanitize() functions from the actions/addlink.php file, but they are used in the wrong way. Check the /lib/sanitize.inc.php file for more details.
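The snippet below is an added example, not AxsLinks code and not part of the original advisory. It shows one way to handle the two POSTed fields described above: allow-list the URL scheme on input and escape both values for their HTML context at output time. The function names h(), validate_link_url() and render_link() are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example: hypothetical helpers, not taken from AxsLinks.

// Escape a value for use in HTML text or inside a quoted attribute.
// ENT_QUOTES covers both " and ', so the value cannot close the attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http/https URLs; return null for anything else.
function validate_link_url(string $url): ?string
{
    $url = trim($url);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Build the link markup. Escaping is applied at output even when the URL
// passed validation, because validation alone does not make a string
// safe to place in HTML.
function render_link(string $url, string $title): ?string
{
    $safeUrl = validate_link_url($url);
    if ($safeUrl === null) {
        return null; // caller should reject the submission
    }
    return '<a href="' . h($safeUrl) . '" rel="nofollow">' . h($title) . '</a>';
}

// Constructed sample submissions standing in for $_POST['url'] / $_POST['title'].
$samples = [
    ['http://example.com/page', 'Example & Co'],
    ['http://example.com/"<XSS>', '<XSS>'],   // the advisory's placeholder inputs
    ['javascript:void(0)', 'non-http scheme'],
];

foreach ($samples as [$url, $title]) {
    $html = render_link($url, $title);
    echo ($html ?? '[rejected: URL not accepted]'), PHP_EOL;
}
```

Any accepted entry is emitted with `"`, `<` and `>` encoded as entities, so the submitted text is rendered as data and cannot break out of the `href` attribute or the link body.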