< ------------------- header data start ------------------- >

#############################################################

# Application Name : Bug Researchers

# Vulnerability Type : Cross Site Scripting

# Infection : İlgili portalda XSS saldırıları ile hedef kullanıcı cookie'leri çekilebilir. (English: XSS attacks against the affected portal can be used to steal the target user's cookies.)

# Bug Fix Advice : Gerekli filtrelemeler yapılmalıdır. (English: the necessary input filtering must be applied.)

# author : Bug Researchers

#############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

<?php
// Review note: string delimiters in this listing were lost or replaced by
// typographic quotes when the advisory was published, so the code does not
// parse as shown. The comments below describe what the visible statements do.

// Request-controlled value read straight from the query string. No cast,
// type check or escaping is applied to it anywhere in this listing.
$gelenhaber = $_GET[’haber’];
// Pulls in ../ozellikler.php; presumably this is where db_baglan() and
// site_ozellik() are defined (file not shown here, so confirm).
include ../ozellikler.php;
db_baglan();     // presumably opens the database connection; verify in ozellikler.php
site_ozellik();  // purpose not visible from this listing
$id = 1; // assigned but never read in this listing
// Security-relevant sink: $gelenhaber is spliced unmodified into the UPDATE
// statement, so the WHERE clause is controlled by the request. In the code as
// shown this is an SQL injection flaw. The advisory header labels the issue
// XSS, but nothing in this listing writes $gelenhaber back into the response.
// Mitigation: validate that haber is an integer id and bind it through a
// prepared statement (PDO or mysqli) instead of building the SQL string.
// The mysql_* extension used here was removed in PHP 7.
// NOTE(review): no authentication or CSRF check is visible before this
// state-changing query, and it is triggered by a GET parameter. Unless the
// included file enforces access control, any request can activate an item.
mysql_query(update haberler SET haberetkin = ’1’ where haberid = ’$gelenhaber’);
// Static confirmation message ("News item activated, redirecting to the home
// page") followed by a one-second meta refresh to index.php. Both strings are
// constants; no request data is echoed here.
echo <center>Haber Etkinlestirildi. Anasayfaya Yönlendiriliyorsunuz..</center>;
echo <META HTTP-EQUIV=\\REFRESH\\ CONTENT=\\1;URL=index.php\\>;
?>

< -- bug code end of -- >