LinuxQuestions.org
07-02-2006, 06:21 PM   #1
LXer
LXer NewsBot
 
Registered: Dec 2005
Posts: 75,136

Rep: Reputation: 87
LXer: Title: PHP/MySQL Classifieds Script AddAsset1.php Script Insertion


Published at LXer:

luny has reported a vulnerability in PHP/MySQL Classifieds Script, which can be exploited by malicious users to conduct script insertion attacks. Input passed to the "Title", "URL" and "Description" form field parameters in AddAsset1.php is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when malicious data is viewed.

Read More...
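The report above concerns three stored fields that are later shown without sanitisation. As an added example (not code from the affected product or from the advisory), the sketch below encodes "Title" and "Description" at output time and restricts "URL" to http(s), since HTML encoding alone does not neutralise a script-scheme link. The helper names `e`, `safe_url` and `render_listing`, the array layout and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: only the field names come from the advisory.

/** Encode untrusted text for an HTML element body or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return the URL only if it is an absolute http(s) URL, otherwise null. */
function safe_url(string $url): ?string
{
    $url = trim($url);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    // Scheme allowlist: rejects javascript:, data:, vbscript: and anything else.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

/** Render one stored listing; every field is encoded when it is written out. */
function render_listing(array $row): string
{
    $title = e($row['Title'] ?? '');
    $desc  = nl2br(e($row['Description'] ?? '')); // encode first, then add <br>
    $url   = safe_url($row['URL'] ?? '');
    $link  = $url === null
        ? '<span class="no-link">(link removed)</span>'
        : '<a href="' . e($url) . '" rel="nofollow noopener">' . e($url) . '</a>';
    return "<h2>{$title}</h2>\n<p>{$desc}</p>\n<p>{$link}</p>\n";
}

// Constructed sample rows: one ordinary listing, one carrying markup in each field.
$rows = [
    ['Title' => 'Bike for sale', 'URL' => 'https://example.com/bike',
     'Description' => "Good condition.\nCall after 6."],
    ['Title' => '<script>alert(1)</script>', 'URL' => 'javascript:alert(1)',
     'Description' => '<img src=x onerror=alert(1)>'],
];

foreach ($rows as $row) {
    echo render_listing($row), "\n";
}
```

In the second row the title and description come out as inert text (`&lt;script&gt;...`), and the link is dropped because its scheme is not on the allowlist.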
 
  

