News Feed
Jobs Feed
Sections




News Archive
Secunia.com:
TCExam PHP Code Execution and Cross-Site Scripting
by Chris Cornutt May 01, 2007 @ 14:18:00

TCExam users will definitely want to pay attention to this latest advisory posted by Secunia detailing a PHP code execution and cross-site scripting issue that's been found:

rgod has discovered two vulnerabilities in TCExam, which can be exploited by malicious people to conduct cross-site scripting attacks or to compromise a vulnerable system.

The two issues is related to two different inpus not being handled properly - the mishandling of the SessionUserLang cookie and the _SERVER[SCRIPT_NAME] value. Neither of these are being sanitized.

This issue effects users of the TCExam 4.x series but a new version, 4.1.000, has already been released and made available for download.

0 comments voice your opinion now!
tcexam crosssitescripting xss execution sanitize tcexam crosssitescripting xss execution sanitize


blog comments powered by Disqus

Similar Posts

Douglas Brown's Blog: Three Important Tips to Write PHP Code Defensively

DreamInCode.com: Preventing PHP Mail(...) Header Injections

Adam Jensen's Blog: Output Transformation in a Zend Framework Model Layer

DeveloperDrive.com: What Web Developers Need to Know About Cross-Site Scripting

Secunia.com: phpMyAdmin Cross-Site Scripting Vulnerabilities


 Community Events











Don't see your event here?
Let us know!

introduction release conference functional interview tool language application development phpunit code testing unittest community podcast example series zendframework2 opinion framework

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework