Skip to content
Tags

, , , ,

Evoluted.net PHP Directory Listing XSS Vulnerability

by Beni on Juli 9th, 2011

I noticed a security vulnerability in the PHP Directory Listing Script made by Ash Young from Evoluted.net.

Some input isn’t properly sanitized before it is returned to the user, rendering the application’s users vulnerable to a XSS flaw.

To resolve this vulnerability, the following patch needs to be applied to the PHP Directory List v3.1 source code which makes use of urlencode instead of strip_slashes to sanitize user input:

1
2
3
4
5

# diff index.php /tmp/directoryv3.1/index.php 
391c391
< 	$baseurl = strip_tags($_SERVER['PHP_SELF']) . '?dir='.urlencode($_GET['dir']) . '&amp;';
---
> 	$baseurl = strip_tags($_SERVER['PHP_SELF']) . '?dir='.strip_tags($_GET['dir']) . '&amp;';

Thanks goes out to Anon for pointing out that this previous vulnerability is originally found in PHP Directory Listing from Evoluted.net.

The programmer in charge has been notified of this issue.

Das wird dich vielleicht auch interessieren:

From → Programmieren, Sicherheit und Sonnenschein

One Comment

Trackbacks & Pingbacks

  1. Auch die NN-Crew macht Fehler ~>

Leave a Reply

Note: XHTML is allowed. Your email address will never be published.

Subscribe to this comment feed via RSS