XSS vulnerability

Issue #399 new
110013 created an issue

Hi, we found one XSS vulnerability in phpLiteAdmin/index.php.

Line 2667 in index.php assigns $_GET to variablele $number if the $_GET is set. Line 2670 then echo variable $number directly.

                $num = $_GET['newRows'];
                $num = 1;
            echo "<input type='hidden' name='newRows' value='".$num."'/>";
            for($j=0; $j<$num; $j++)

The $number is inside a input tag, the attacker can set $_GET to 3'/> <script> alert(1) </script>'/> to perform XSS attack.

Comments (0)

  1. Log in to comment