URL and Title XSS in AxsLinks

Summary

Vulnerability: URL and Title XSS in AxsLinks
Discovered: 2010.11.08
Last Update: n/a n/a
ID: EV0139
CVE: n/a
Risk Level: medium
Type: Cross Site Scripting
Status: Unpatched. Vendor notified. No reply from developer(s)
Vendor: AXScripts (http://www.axscripts.com/)
Vulnerable Software: AxsLinks
Version: 0.3
PoC/Exploit: Available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

Cross-site scripting was found in the AxsLinks script.

1. XSS in URL recip link.

The user-defined variable $_POST['url'] is not sanitized before it is used in HTML code. This can be used to post arbitrary script or any other malicious code.

2. XSS in Link Title.

The variable $_POST['title'] is not properly sanitized before it is used in HTML code.

PoC/Exploit

1. Exploit code for XSS in URL recip link.

URL recip link: http://valid link/"<XSS>

2. Exploit code for XSS in Link Title.

Link Title: <XSS>

Solution

The script calls the sanitize() functions from the actions/addlink.php file, but they are used incorrectly. Check the /lib/sanitize.inc.php file for more details.
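The following is an added example, not AxsLinks code and not part of the original advisory: it shows the unsafe pattern described above next to a hardened form that validates the submitted URL and encodes both values for the HTML context they are written into. All function names and the example.test host are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added illustration; not AxsLinks code. All function names are hypothetical.

// Encode a value for HTML text and for quoted attribute values.
// ENT_QUOTES covers both " and ', so the value cannot close the attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http/https URLs; return null for anything else.
// This restricts the scheme; it is not relied on to strip markup characters.
function valid_link_url(string $url): ?string
{
    $url = trim($url);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Unsafe pattern from the advisory: request values concatenated into markup.
function render_link_unsafe(string $url, string $title): string
{
    return '<a href="' . $url . '">' . $title . '</a>';
}

// Hardened: validate the URL first, then encode both values at output time.
function render_link_safe(string $url, string $title): ?string
{
    $checked = valid_link_url($url);
    if ($checked === null) {
        return null; // caller should reject the submission
    }
    return '<a href="' . h($checked) . '">' . h($title) . '</a>';
}

// Constructed sample input that mirrors the advisory's placeholders.
$url   = 'http://example.test/"<XSS>';
$title = '<XSS>';

echo render_link_unsafe($url, $title), "\n";
echo render_link_safe($url, $title) ?? '[rejected]', "\n";
echo render_link_safe('javascript:void(0)', $title) ?? '[rejected]', "\n";
```

Encoding belongs at the point where the value is written into the page, so a stored link that predates the fix is still rendered safely.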