Recent URL XSS vulnerabilities

Here is short summary of recent URL XSS vulnerabilities discovered by eVuln team. Full list with details is available on the eVuln Security Advisories page.

title,url - Non-persistent XSS in Social Share.

Description.

It is possible to inject xss code into title and url parameters in save.php script.

Parameters title, url are not properly sanitized before being used in HTML code.

Exploit.

XSS example1: http://website/socialshare/save.php?title=<XSS>

XSS example2: http://website/socialshare/save.php?url="><XSS>

Solution

Solution is not available.

Other details >>

url BBCode XSS in slickMsg.

Description.

It is possible to inject XSS code into link bbcode.

"url" value is not properly sanitized before being used in HTML code.

Condition: click on link is required.

Exploit.

XSS example: [url=javascript:alert(123)]bbcode xss test[/url]

Solution

Solution is not available.

Other details >>

Multiple XSS in Alguest.

Description.

User-defined parameters: nome, messaggio,link are not sanitized. Arbitrary XSS injection is possible. Vulnerable script: index.php.

Exploit.

All input data is not sanitized.

Nick: <XSS inj>

Message: <XSS inj>

Homepage: javascript:<XSS inj>

Solution

Solution is not available.

Other details >>

URL XSS in Easy Banner Free.

Description.

Site URL and Banner URL are not properly sanitized against Cross Site Scripting attacks. Vulnerable script: index.php. Parameters siteurl and urlbanner may contain XSS code.

Exploit.

Script index.php checks only if "http://" is present at the beginning of siteurl parameter.

Site URL XSS example: http://"><script>alert(XSS)</script><aa aa="

Script index.php checks only if some image file extension is present at the end of urlbanner parameter.

Banner URL XSS example: "><script>alert(XSS)</script><aa aa=".gif

magic_quotes_gpc = off

Solution.

PHP Web Scripts notified us that Easy Banner Free is updated. Download latest version from vendor's website.

Other details >>

url XSS in Hot Links Lite.

Description.

XSS vulnerability found in url parameter of process.cgi script. This can be used to insert any script code. Admin panel is vulnerable also.

Exploit.

Parameter url doesn't pass any sanitation for XSS.

URL: javascript:[XSS]

URL: "><XSS>

Solution

Solution is not available.

Other details >>
Advisories by vuln type

Website Monitoring

Daily malware scanning. Allows to receive alerts about security problems in your website.
Details >>

Malicious redirects detected?

eVuln team will eliminate the reason, clean your website and monitor it.
Details >>

Website blacklisted?

eVuln team will clean your website, discover and fix security holes, remove from blacklists.
Details >>