
PHP Bookmarks Form Manipulation Vulnerability

by Nikola Strahija on February 27th, 2002

Vulnerable versions of PHP Bookmarks do not verify the origin of forms that are submitted by web users. This may allow an attacker to perform a form manipulation attack against the application.


Exploitation of this issue requires that the attacker saves a form locally, uses a text editor to manipulate data in form elements, and then submits the manipulated form.

It should be noted that PHP Bookmarks was not designed to be publicly accessible. However, the authors have implemented some security measures to enable a user to share their bookmarks via PHP Bookmarks, so some implementations may be vulnerable.

Remote: Yes

Exploit: There is no exploit code.

Solution: This issue has been addressed in PHP Bookmarks versions 1.7 and later.
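The weakness described above is a handler that trusts whatever arrives in the form, including fields the server itself populated, so a copy saved and edited offline is indistinguishable from one the application rendered. The following is an added PHP example written for this page; it is not PHP Bookmarks' code and does not show how version 1.7 fixed the issue. It contrasts a handler that trusts a hidden owner field with one that takes identity from the session, checks a per-form token so only forms the server issued in this session are accepted, and validates the remaining fields against server-side knowledge. The field names (owner, url, folder, token), the folder whitelist and the in-memory store are all assumptions made for the demonstration.

```php
<?php
// Added example, not PHP Bookmarks code. Field names, the folder whitelist
// and the array-based session/store are constructed for the demonstration.
declare(strict_types=1);

// Issue a random token bound to this session and this form; the page
// render step would embed it in a hidden input.
function issue_form_token(array &$session, string $form): string
{
    $token = bin2hex(random_bytes(32));
    $session['form_tokens'][$form] = $token;
    return $token;
}

// Check the submitted token against the session copy and consume it so a
// captured form cannot be replayed.
function verify_form_token(array &$session, string $form, ?string $submitted): bool
{
    $expected = $session['form_tokens'][$form] ?? null;
    if ($expected === null || $submitted === null) {
        return false;
    }
    $ok = hash_equals($expected, $submitted); // constant-time comparison
    unset($session['form_tokens'][$form]);
    return $ok;
}

// Pattern the advisory describes: ownership and folder come straight from
// the form, so an edited copy can set them to anything.
function add_bookmark_trusting(array $post, array $store): array
{
    $store[] = [
        'owner'  => $post['owner'],   // hidden field, editable offline
        'url'    => $post['url'],
        'folder' => $post['folder'],
    ];
    return $store;
}

// Hardened handler: origin token checked, identity taken from the session,
// URL and folder validated against what the server knows. Returns null on
// any rejection so the caller can log it.
function add_bookmark_hardened(array &$session, array $post, array $store, array $allowed_folders): ?array
{
    if (!verify_form_token($session, 'add_bookmark', $post['token'] ?? null)) {
        return null; // not a form this session was served
    }
    $url = filter_var($post['url'] ?? '', FILTER_VALIDATE_URL);
    if ($url === false || !in_array(parse_url($url, PHP_URL_SCHEME), ['http', 'https'], true)) {
        return null;
    }
    $folder = $post['folder'] ?? '';
    if (!in_array($folder, $allowed_folders, true)) {
        return null;
    }
    $store[] = [
        'owner'  => $session['user'], // never taken from the form
        'url'    => $url,
        'folder' => $folder,
    ];
    return $store;
}

// Constructed input: one logged-in session, an empty store, two folders.
$session = ['user' => 'alice', 'form_tokens' => []];
$store   = [];
$folders = ['work', 'personal'];
issue_form_token($session, 'add_bookmark');

// A form edited offline: token dropped, owner and folder rewritten.
$forged = ['owner' => 'bob', 'url' => 'http://example.com', 'folder' => 'admin'];
$store = add_bookmark_trusting($forged, $store);                       // stored as "bob"
var_dump(add_bookmark_hardened($session, $forged, $store, $folders));   // NULL: rejected

// A genuine submission carrying the issued token is accepted as alice.
$token   = issue_form_token($session, 'add_bookmark');
$genuine = ['token' => $token, 'url' => 'https://example.com/', 'folder' => 'work'];
$result  = add_bookmark_hardened($session, $genuine, $store, $folders);
echo $result[1]['owner'], "\n";                                         // alice
```

Run it with the PHP CLI; the two printed lines show the same edited form being stored by the trusting handler and refused by the hardened one. The token check is what the advisory calls verifying a form's origin; the session-derived owner and the whitelist are the complementary rule that a handler should never read from the client a value it already knows itself.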


Affected: PHP Bookmarks 1.1, 1.2, 1.3, 1.4, 1.5 and 1.6

Upgrade for all affected versions: phpbookmarks-1.8.tar.gz
http://devel.thcnet.net/phpbookmarks/phpbookmarks-1.8.tar.gz


