LinkEX

Linkex 20071019 is vulnerable to Cross Site Scripting (XSS) attack. Please fix this as soon as possible.

hi, can you please elaborate. Where did you find XSS possibilities? If this is serious, please use the contact form,
find the link in the bottom of this page.

- v0id

I generate a pdf report from my scanner's result. You can download this file from following URL. It contains all the
details of this problem.

http://d.turboupload.com/d/2147313/xss.pdf.html

Hi guys! were looking for new hard link traders.

PR3 http://www.xxxpornstop.com/linkex/

Hi Ehsen,

thanks for uploading the PDF, I had a look at it, and although Acunetix reports the threats as high, the risk for XXS is
pretty small.

It is a bit foolish of me not escaping the input when showing the link form again, but I have just fixed it in the CVS,
and it'll be in the next release.

LinkEX is only looking at the POST variables, so you wouldn't be able to exploit users by link spamming eg.
site.com/linkex/?anchor="+onmouseover=alert(1653591794)+ (check this out in the demo:
http://demo.linkex.dk/linkex/?anchor=%22+onmouseover=alert(1653591794)+ )
Only way to inject the scripts is to post the form. You could do that from a different site though.
If you do get people to post the data, you could possible display/postback cookie data from the user, if he actually has
any cookies from that site. 99% of the sites LinkEX is installed on wont have anything besides tracking cookies, but
still a possible XXS which should be stopped.

More interesting is if you actually could get the code displayed in the admin, but ever since the other exploit was
found, all the input has been escaped, so this will not work from inside the admin.

I really appreciate the info you provided, so I could fixed this.
XXS is potentially really dangerous, and should be stopped!

- v0id