XSS vulnerability
Issue #399
new
Hi, we found one XSS vulnerability in phpLiteAdmin/index.php.
Line 2667 in index.php assigns $_GET to variable $number if the $_GET is set. Line 2670 then echoes variable $number directly.
    if(isset($_GET['newRows']))
        $num = $_GET['newRows'];
    else
        $num = 1;
    echo "<input type='hidden' name='newRows' value='".$num."'/>";
    for($j=0; $j<$num; $j++)
The $number is inside an input tag; the attacker can set $_GET to 3'/> <script> alert(1) </script>'/> to perform an XSS attack.
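A hardened form of the reported snippet, as an added example that is not part of the original report or phpLiteAdmin's own code: the parameter is validated as a bounded integer and the value is escaped for a single-quoted attribute before output. The names `parse_new_rows`, `render_new_rows_field` and `MAX_NEW_ROWS`, and the bound of 100, are assumptions for illustration.

```php
<?php
// Added example, not phpLiteAdmin code. Function names and MAX_NEW_ROWS are hypothetical.

const MAX_NEW_ROWS = 100; // assumed upper bound; the report does not specify one

/**
 * Return the requested row count as an int in [1, MAX_NEW_ROWS].
 * Missing, non-scalar (e.g. newRows[]=x), non-numeric or out-of-range input falls back to 1.
 */
function parse_new_rows(array $query): int
{
    if (!isset($query['newRows']) || !is_scalar($query['newRows'])) {
        return 1;
    }
    $n = filter_var($query['newRows'], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => MAX_NEW_ROWS],
    ]);
    return $n === false ? 1 : $n;
}

/**
 * Build the hidden field. The attribute is single-quoted, so ENT_QUOTES is required:
 * before PHP 8.1 the default flags (ENT_COMPAT) leave ' unescaped.
 */
function render_new_rows_field(int $num): string
{
    $value = htmlspecialchars((string) $num, ENT_QUOTES, 'UTF-8');
    return "<input type='hidden' name='newRows' value='" . $value . "'/>";
}

// Constructed sample inputs standing in for $_GET.
$samples = [
    [],                                                     // parameter absent
    ['newRows' => '3'],                                     // normal use
    ['newRows' => "3'/> <script> alert(1) </script>'/>"],   // value from the report
    ['newRows' => ['3']],                                   // array instead of scalar
    ['newRows' => '999999999'],                             // above the assumed bound
];

foreach ($samples as $query) {
    $num = parse_new_rows($query);
    // The same validated integer also bounds the for($j=0; $j<$num; $j++) loop.
    echo $num, ' => ', render_new_rows_field($num), "\n";
}
```

Only the second sample yields 3; every other input, including the value from the report, is rejected by the integer check and rendered as `value='1'`.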