Old 07-02-2006, 07:21 PM   #1
LXer NewsBot
Registered: Dec 2005
Posts: 123,204

LXer: Title: PHP/MySQL Classifieds Script AddAsset1.php Script Insertion

Published at LXer:

luny has reported a vulnerability in PHP/MySQL Classifieds Script, which can be exploited by malicious users to conduct script insertion attacks. Input passed to the "Title", "URL" and "Description" form field parameters in AddAsset1.php is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when malicious data is viewed.
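
One way to close this class of bug on the output side, as an added example that is not part of the original post or of the affected script: escape "Title" and "Description" when rendering, and allow only http/https in "URL". The function names (`esc`, `safe_url`, `render_listing`) and the sample record are constructed for illustration.

```php
<?php
// Added example: hypothetical rendering of a stored listing. Field names follow
// the advisory; function names and the sample record are constructed.

// Escape text for an HTML element or quoted-attribute context.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http/https URLs. Anything else (javascript:, data:,
// relative or malformed input) is rejected, because HTML-escaping alone does
// not make a hostile scheme safe inside an href attribute.
function safe_url(string $url): ?string
{
    $url = trim($url);
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

// Build the listing HTML with every stored field encoded for its context.
function render_listing(array $row): string
{
    $title = esc($row['Title'] ?? '');
    $desc  = nl2br(esc($row['Description'] ?? '')); // escape first, then add <br>
    $url   = safe_url($row['URL'] ?? '');

    $link = $url === null
        ? '<span class="nolink">(link removed)</span>'
        : '<a href="' . esc($url) . '" rel="nofollow noopener">' . esc($url) . '</a>';

    return "<h2>{$title}</h2>\n<p>{$desc}</p>\n<p>{$link}</p>\n";
}

// Constructed sample record with markup in every field.
$row = [
    'Title'       => '<b>Bike</b> for sale',
    'URL'         => 'javascript:void(0)',
    'Description' => "Good condition <img src=x>\nCall me",
];
echo render_listing($row); // markup appears as literal text; the link is dropped
```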


