New eVuln Advisory: URL XSS in Easy Banner Free Summary: http://evuln.com/vulns/148/summary.html Details: http://evuln.com/vulns/148/description.html -----------Summary----------- eVuln ID: EV0148 Software: Easy Banner Free Vendor: PHP Web Scripts Version: 2009.05.18 Critical Level: low Type: Cross Site Scripting Status: Unpatched. No reply from developer(s) PoC: Available Solution: Available Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ ) --------Description-------- Site URL and Banner URL are not properly sanitized against Cross Site Scripting attacks. Vulnerable script: index.php. Parameters siteurl and urlbanner may contain XSS code. --------PoC/Exploit-------- Site URL XSS Script index.php checks only if "http://" is present at the beginning of siteurl parameter. Site URL XSS example: http://"><script>alert(XSS)</script><aa aa=" Banner URL XSS Script index.php checks only if some image file extension is present at the end of urlbanner parameter. Banner URL XSS example: "><script>alert(XSS)</script><aa aa=".gif Condition. magic_quotes_gpc = off ---------Solution---------- Available at http://evuln.com/vulns/148/solution.html ----------Credit----------- Vulnerability discovered by Aliaksandr Hartsuyeu http://evuln.com/tool/web-security.html - website security tester