muhammedzaimtr / phurl

Automatically exported from code.google.com/p/phurl
0 stars 1 forks source link

includes/home.php XSS on version 3 #92

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
on the test server
https://phurl.googlecode.com/hg/includes/home.php

Line 3 will be vulnerable to cross site scripting
    echo "<div class=\"error\">" . $_GET['error'] . "</div>";

Original issue reported on code.google.com by itspa...@gmail.com on 30 Oct 2010 at 9:48

GoogleCodeExporter commented 8 years ago
We'll be implementing the same variable as we did with 2.4.2, to avoid the 
includes being run separately from the script. We'll also run index.php through 
htmlentities where necessary to avoid XSS vulnerabilities there.

Original comment by he...@phurlproject.org on 30 Oct 2010 at 11:20

GoogleCodeExporter commented 8 years ago

Original comment by he...@phurlproject.org on 1 Nov 2010 at 2:12