AOH :: HP Unsorted T :: VA2873.HTM

Trellis Desk v1.0 XSS Vulnerability



Trellis Desk v1.0 XSS Vulnerability
Trellis Desk v1.0 XSS Vulnerability



This problem has been reported to the author but no action taken to resolve the issue.

The search box does not sanitise data and is open to simple XSS SQL injection.

file sources/article.php find around line 519
$searchstring = $this->ifthd->input['keywords'];

Needs to have the following line added after...
$searchstring = mysql_real_escape_string( $searchstring );


The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.