PHP Script Index "search"存在注入和跨站漏洞---黑色反击安全在线http://www.hf110.com

您现在的位置：黑色反击 >> 技术资讯 >> 安全漏洞 >> 其他漏洞 >> 正文

PHP Script Index "search"存在注入和跨站漏洞

时间：2006-3-31 1:56:18 出处：网络作者：未知编辑：mervin 点击数：

【收藏到ViVi】【收藏到YouNote】【收藏此页到365Key】【收藏此页到bbmao】【狐摘】

PHP Script Index "search" SQL Injection and Cross Site Scripting Vulnerability

Technical Description

A vulnerability has been identified in PHP Script Index, which may be exploited by attackers to execute arbitrary SQL commands or scripting code. This flaw is due to an input validation error in the "search.php" script that does not validate the "search" parameter, which could be exploited by malicious people to conduct SQL injection and cross site scripting attacks.

Affected Products

PHP Script Index

Solution

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2006/1158

Credits

Vulnerability reported by Preddy