PHPNuke 5 Cross Scripting

• Previous message: IT Resource Center : "HP Secure OS Software for Linux security bulletins digest"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Replugge [Rod]" <replugge@alcoholico.org>
To: bugtraq@securityfocus.com
Date: 17 Dec 2001 13:30:38 +0100

This is a forward of frog-m@n posting to Vuln-Dev.

Here a few holes that i've found in PHPNuke.
     5 "Cross Site Scripting".

     http://phpnuke.org/modules.php?
     name=Downloads&d_op=viewdownloaddetails&lid=0
     2&ttitle=[JAVASCRIPT]

     http://phpnuke.org/modules.php?
     name=Downloads&d_op=ratedownload&lid=118&ttitle
     =[JAVASCRIPT]

     http://phpnuke.org/modules.php?
     op=modload&name=Members_List&file=index&letter
     =[JAVASCRIPT]

     http://phpnuke.org/submit.php?subject=
     [JAVASCRIPT]&story=[JAVASCRIPT]&storyext=
     [JAVASCRIPT]&op=Preview

     http://phpnuke.org/user.php?op=userinfo&uname=
     [JAVASCRIPT]

     and /admin.php?upload=Go! who's the same that
     upload=1 .

     frog-m@n

--
/* 
Rodrigo Gutierrez <rodrigo@trustix.com>
Trustix AS - http://www.trustix.com 
*/

• Previous message: IT Resource Center : "HP Secure OS Software for Linux security bulletins digest"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint