URL and Title XSS in AxsLinks
Summary
- Vulnerability: URL and Title XSS in AxsLinks
- Discovered: 2010.11.08
- Last Update: n/a n/a
- ID: EV0139
- CVE: n/a
- Risk Level: medium
- Type: Cross Site Scripting
- Status: Unpatched. Vendor notified. No reply from developer(s)
- Vendor: AXScripts (http://www.axscripts.com/)
- Vulnerable Software: AxsLinks
- Version: 0.3
- PoC/Exploit: Available
- Solution: Available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
Cross-site scripting vulnerabilities were found in the AxsLinks script.
1. XSS in URL recip link.
The user-defined variable $_POST['url'] is not sanitized before it is used in HTML code. This can be used to post arbitrary script or any other malicious code.
2. XSS in Link Title.
The variable $_POST['title'] is not properly sanitized before it is used in HTML code.
PoC/Exploit
1. Exploit code for XSS in URL recip link.
URL recip link: http://valid link/"<XSS>
2. Exploit code for XSS in Link Title.
Link Title: <XSS>
Solution
The script calls sanitize() functions from the actions/addlink.php file, but they are used incorrectly. Check the /lib/sanitize.inc.php file for more details.
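The following is an added example, not AxsLinks code and not the vendor's fix: one way to handle the two submitted fields so that the URL is restricted to http(s) and both values are HTML-encoded at the point of output. The function names html_escape(), validate_link_url() and render_link() are hypothetical, and the sample inputs are constructed with benign markers.

```php
<?php
// Added example: hypothetical helpers, not taken from AxsLinks.

// Encode a value for an HTML text node or a quoted attribute.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http(s) URLs with a host; return null otherwise.
function validate_link_url(string $url): ?string
{
    $url = trim($url);
    // Reject empty input and any whitespace or control characters.
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Build the link markup; both values are encoded where they are written out.
function render_link(string $rawUrl, string $rawTitle): ?string
{
    $url = validate_link_url($rawUrl);
    if ($url === null) {
        return null; // caller reports a validation error instead of storing the link
    }
    return '<a href="' . html_escape($url) . '">' . html_escape($rawTitle) . '</a>';
}

// Constructed inputs shaped like the two fields in this advisory.
$samples = [
    ['http://example.com/"<b>marker</b>', 'Example'], // quote and markup after a valid link
    ['http://example.com/', '<b>marker</b>'],         // markup in the title
    ['javascript:void(0)', 'Example'],                // non-http scheme, rejected
];
foreach ($samples as [$u, $t]) {
    $html = render_link($u, $t);
    echo ($html ?? '[rejected]') . PHP_EOL;
}
```

The first sample passes URL validation, which shows why scheme checking alone is not enough: the double quote and angle brackets are only neutralized by the encoding step applied when the attribute is written.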