PHPDeveloper.org: Secunia.com: TCExam PHP Code Execution and Cross-Site Scripting

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: Chegg Seeks Senior PHP Developer (Santa Clara, CA)

Job Posting: TEKSystems (Recruiter) Seeks PHP Web Application Developers (Tampa, FL)

Job Posting: Quinstreet, Inc. Seeks Sr. PHP Developer (Foster City, CA)

Job Posting: WideEye Interactive/Moroch Advertising Seeks Web Developer (Dallas, TX)

Job Posting: Project People Ltd (Recruiter) Seeks PHP Developer (Paris, France)

Job Posting: Snelling (Recruiter) Seeks Web Programmer (Boston, MA)

Job Posting: Veedow Seeks Senior PHP Developer/Architect (London, UK)

Job Posting: Apex Systems (Recruiter) Seeks PHP Web Developers (Tampa, FL)

Job Posting: WordStream Seeks Web Application Developer (Needham, MA)

Job Posting: JS Creative Seeks Web Developer (Atlanta, GA)

News Archive

Andre Liem's Blog: 5 tips and tools to optimize your php application - Part 1 simple

Job Posting: Chegg Seeks Senior PHP Developer (Santa Clara, CA)

Robert Basic's Blog: MyUrl view helper for Zend Framework

Laknath Semage's Blog: PHP + Large files

NETTUTS.com: Mimicking Apple's Address Book for the Web

Martynas Jusevicius' Blog: Method overloading in PHP 5

DevShed: Authentication Scripts for a User Management Application

Community News: PHP Advent 2008

Ibuildings Blog: Zend_Paginator: First Impressions

Community News: Latest PECL Releases for 12.02.2008

Secunia.com:
TCExam PHP Code Execution and Cross-Site Scripting

by Chris Cornutt May 01, 2007 @ 14:18:00

TCExam users will definitely want to pay attention to this latest advisory posted by Secunia detailing a PHP code execution and cross-site scripting issue that's been found:

rgod has discovered two vulnerabilities in TCExam, which can be exploited by malicious people to conduct cross-site scripting attacks or to compromise a vulnerable system.

The two issues is related to two different inpus not being handled properly - the mishandling of the SessionUserLang cookie and the _SERVER[SCRIPT_NAME] value. Neither of these are being sanitized.

This issue effects users of the TCExam 4.x series but a new version, 4.1.000, has already been released and made available for download.

0 comments voice your opinion now!
tcexam crosssitescripting xss execution sanitize tcexam crosssitescripting xss execution sanitize

Similar Posts

PHPMac.com: IP Banning

Christian Stocker's Blog: Upload Progress Meter finally in PECL

Community News: WordPress Security Update Released

SitePoint PHP Blog: A pro-PHP Rant

Gareth Heyes' Blog: htmlentities is badly designed

Community Events

Don't see your event here?
Let us know!

All content copyright, 2008 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework