Welcome! Log In Create A New Profile

Advanced

SiteLock is reporting vulnerability with search.php

Posted by cpopolo 
SiteLock is reporting vulnerability with search.php
September 06, 2017 02:05PM
A customer reports that a SiteLock scan reported that "search.php may be vulnerable to cross-site scripting". It does appear that the following line could result in an injection if done with malicious intent:

search.php?query=%20alert(204);%20

I believe I am using version "1.3.x" which is all I can find in the code... Is there a patch or fix for this? How can I tell the exact version I am currently using?

Thanks
rap
Re: SiteLock is reporting vulnerability with search.php
September 09, 2017 07:15AM
Spider is very old and no longer being maintained. Both tec and I have more recent alternatives that address many of the vulnerabilities of Sphider 1.3.x.
Sorry, only registered users may post in this forum.

Click here to login