eTicket v. Multiple Cross-Site Scripting


Author: Attila Gerendi (Darkz)
Date: June 29, 2007
Package: eTicket ( 
Versions Affected: v. (Other versions may also be affected)
Severity: XSS

Input passed to "$_SERVER['REQUEST_URI']" in various scripts and includes is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in the context of an affected site when the malicious data is viewed.

Vulnerable code pieces:

user_login.php on line 7:
admin_login.php on line 7: ""
user_group.php on line 15:
rep.php on line 15:
pref.php on line 15:
my.php on line 15:
main.php on line 216:
mail.php on line 16:
cat.php on line 16:
banlist_delete.php on line 13:
banlist_delete.php on line 43:
banlist_addedit.php on line 27:
banlist_addedit.php on line 40:
banlist.php on line 41:
searc_form.php

    $surl=$_SERVER['PHP_SELF'].'?s='.$news;
    $qs=preg_replace('/s=(basic|advanced)/', '', $_SERVER['QUERY_STRING']);
    if ($qs != '') {
        $surl.=(substr($qs, 0, 1) == '&')?$qs:"&$qs";
    }
    ?>
    []

Status:
1. Contacted the author on June 29, 2007 via the SourceForge tracker (
2. The author concluded "I am not happy that this is a real bug, and therefore will be closed until further notice."

Solution:
- Edit the source code to ensure the input is properly sanitized.
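One way to apply the solution above, shown as an added example that is not eTicket code and not part of the original advisory. It assumes the request URI ends up in a form action attribute; the helper names (h, form_tag_unsafe, form_tag_safe, search_url_safe) and the sample request are hypothetical.

```php
<?php
// Added example, not eTicket code. All helper names are hypothetical.

/** Escape a value for HTML text or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Weak pattern: request-derived URI written into the page as-is. */
function form_tag_unsafe(array $server): string
{
    return '<form method="post" action="' . $server['REQUEST_URI'] . '">';
}

/** Corrected pattern: same markup, value escaped at the point of output. */
function form_tag_safe(array $server): string
{
    return '<form method="post" action="' . h($server['REQUEST_URI']) . '">';
}

/** Search-form URL rebuilt from parsed parameters, then escaped for output. */
function search_url_safe(array $server, string $mode): string
{
    parse_str($server['QUERY_STRING'] ?? '', $params);
    unset($params['s']);                  // drop the old s=basic|advanced
    $params = ['s' => $mode] + $params;   // put the new mode first
    // SCRIPT_NAME omits the trailing path info that PHP_SELF can carry.
    $url = $server['SCRIPT_NAME'] . '?' . http_build_query($params);
    return h($url);
}

// Constructed sample request; the markup in it is inert test data.
$server = [
    'REQUEST_URI'  => '/user_login.php?x="><em>injected</em>',
    'SCRIPT_NAME'  => '/search_form.php',
    'QUERY_STRING' => 's=basic&q="><em>injected</em>',
];

echo form_tag_unsafe($server), "\n";          // attribute is broken out of
echo form_tag_safe($server), "\n";            // quotes and brackets are entities
echo search_url_safe($server, 'advanced'), "\n";
```

Escaping at the point of output keeps the stored or logged value unchanged while making it inert in the HTML context where it is rendered.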
