Yet another XSS vulnerability in PHP NUKE

From: ersatz@unixhideout.com
Date: 09/27/02


Date: 26 Sep 2002 23:54:51 -0000
From: <ersatz@unixhideout.com>
To: bugtraq@securityfocus.com



Tested ON:
PHP-Nuke 6.0
Netscape 7.0
Internet Explorer 5.5
Mozilla - unknown version partially tested
----------------------------------------------
Description:

There is yet another XSS vulnerability in PHP-Nuke 6.0
[possibly older versions as well]. The vulnerability
lies in the Web Links search field. I have tested this
using two scripts. The first one we will discuss is
"<Img src="http://www.ersatz-crew.org/test.gif">"
[where test.gif is just a gif on my site] and the
second one is
"<script>alert('Testing')</script>"
 
-----------------------------------------------

"<Img src="http://www.ersatz-crew.org/test.gif">"

To complete this exploit all you have to do is put the
above script in the search field of the web links section.

Netscape 7.0 -

This will not show the .gif but it does cause the links
below for Alta Vista, HotBot and others to show some
source of the link as part of the link making the page
look odd.

Internet Explorer 5.5

Pretty much same result except will show an image of an
invalid picture [i.e. box with red x through it ]

Mozilla -
With Mozilla it will actually show the .gif

-------------------------------------------------------

"<script>alert('Testing')</script>"

To complete this exploit all you have to do is put the
above script in the search field of the web links section.

Netscape 7.0

Will cause a pop up box saying testing to come up.
Takes at least 6 or 7 clicks of ok to get this to go
away. Also shows the source to the links as well

Internet Explorer 5.5

Also brings the Testing box up but one click and it
will stay away. This also will make the links appear in
source code.

Mozilla -
This script was not tested on Mozilla but I expect will
be the same result.

------------------
Thanks:
Thanks to C0llisi0n for helping me test this.

------------------
Vulnerability brought to you by ersatz
(ersatz@unixhideout.com)
http://www.unixhideout.com
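
-------------------------------------------------------
Added example, not part of the original post and not PHP-Nuke's own code: a sketch of the pattern the report implies, where a search term is echoed into the page text and into the outbound search-engine links, next to a version that encodes the term for each output context. The function names and the search.example URL are hypothetical.

```php
<?php
// Illustration only. This is NOT PHP-Nuke source; names and URLs are hypothetical.

// Vulnerable pattern: the raw search term is concatenated into HTML text
// and into an href attribute, so markup in the term becomes part of the page
// and a double quote in the term ends the attribute early.
function render_search_unsafe(string $query): string
{
    $html  = "<p>Search results for: $query</p>\n";
    $html .= "<a href=\"https://search.example/?q=$query\">Try $query elsewhere</a>\n";
    return $html;
}

// Hardened pattern: encode once per output context.
function render_search_safe(string $query): string
{
    // HTML text context: neutralise <, >, &, and both quote characters.
    $text = htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // URL context first (query-string value), then HTML attribute context.
    $url  = 'https://search.example/?q=' . rawurlencode($query);
    $href = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $html  = "<p>Search results for: $text</p>\n";
    $html .= "<a href=\"$href\">Try $text elsewhere</a>\n";
    return $html;
}

// Constructed sample inputs: the two test strings quoted in the post.
$samples = [
    '<Img src="http://www.ersatz-crew.org/test.gif">',
    "<script>alert('Testing')</script>",
];

foreach ($samples as $q) {
    echo "--- unsafe ---\n", render_search_unsafe($q);
    echo "--- safe ---\n", render_search_safe($q);
}
```

In the unsafe output the double quote inside the first sample closes the href early, which matches the "source of the link as part of the link" symptom described above; in the safe output both samples appear only as inert text.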


