PHPNUKE 6 XSS Vulnerabilities
From: Mark Grimes (mark@stateful.net)Date: 09/24/02
- Previous message: Matthias Bauer: "Re: PHP source injection in phpWebSite"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 24 Sep 2002 11:37:06 -0700 From: Mark Grimes <mark@stateful.net> To: bugtraq@securityfocus.com
http://www.phpnuke.org/modules.php?name=Search
Enter: ><script>alert(document.cookie);</script>
in form, click Search.
Needless to say these bugs won't go away.
The vendor WOULD HAVE been contacted if they just gave an email address
without having to subscribe to nukesupport/phpnuke - maybe I don't use it.
Likewise the author of PHP-NUKE has a submission form for bug reporting
(buried in a FAQ for unsubscribed people -- why do I need to dig for a
contact address?), but that also has a XSS vulnerability - *SIGH*
Nor HTML nor plain text will do through the submission form without the
javascript being executed or stripped. Instead of implying >'s and
<'s in an email, I am posting here.
-- Mark Grimes <mark@stateful.net> Stateful Labs
- Previous message: Matthias Bauer: "Re: PHP source injection in phpWebSite"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
