URL XSS in Easy Banner Free

Description

Cross Site Scripting found in Easy Banner Free script.

URL XSS

Site URL and Banner URL are not properly sanitized against Cross Site Scripting attacks. Vulnerable script: index.php. Parameters siteurl and urlbanner may contain XSS code.

PoC/Exploit

Site URL XSS

Script index.php checks only if "http://" is present at the beginning of siteurl parameter.

Site URL XSS example: http://"><script>alert(XSS)</script><aa aa="

Banner URL XSS

Script index.php checks only if some image file extension is present at the end of urlbanner parameter.

Banner URL XSS example: "><script>alert(XSS)</script><aa aa=".gif

Condition.

magic_quotes_gpc = off

Solution.

Easy Banner Free updated.

PHP Web Scripts notified us that Easy Banner Free is updated. Download latest version from vendor's website.

Company

• PC Evuln.com / II Evuln.com
• Email:
• skype: evuln.com
• Phone: +37068935936

Services

• Hack Repair
• Hack Insurance
• External Monitoring
• Pricing
• Partner Program

eVuln Labs

• Scanner Statistics
• eVuln Advisories
• Fixing Guide

eVuln Tools

• Malware Scanner
• PHP Code Scanner
• HTTP Packet Generator
• XSS String Encoder
• SQL String Encoder