PHPNuke Cross Scripting...

From: frog frog (leseulfrog@hotmail.com)
Date: 12/14/01


Date: 14 Dec 2001 21:30:46 -0000
From: frog frog <leseulfrog@hotmail.com>
To: vuln-dev@securityfocus.com




Here are a few holes that I've found in PHPNuke.
5 "Cross Site Scripting".

http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=[JAVASCRIPT]

http://phpnuke.org/modules.php?name=Downloads&d_op=ratedownload&lid=118&ttitle=[JAVASCRIPT]

http://phpnuke.org/modules.php?op=modload&name=Members_List&file=index&letter=[JAVASCRIPT]

http://phpnuke.org/submit.php?subject=[JAVASCRIPT]&story=[JAVASCRIPT]&storyext=[JAVASCRIPT]&op=Preview

http://phpnuke.org/user.php?op=userinfo&uname=[JAVASCRIPT]


and /admin.php?upload=Go! which is the same as upload=1.

frog-m@n
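
For sites still running an affected install, the script/parameter pairs listed in the post above can be turned into an access-log check. This is an added example, not part of the original post and not PHPNuke code; it assumes Common Log Format lines, an install rooted at `/`, and a simple "contains HTML metacharacters" heuristic, and the sample log lines are constructed.

```python
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# (script path, parameter) pairs named in the advisory above.
REFLECTED = {
    "/modules.php": {"ttitle", "letter"},
    "/submit.php": {"subject", "story", "storyext"},
    "/user.php": {"uname"},
}
# Characters that let a reflected value break out of HTML text or attributes.
MARKUP = set("<>\"'")

def suspicious_params(request_target):
    """Return sorted names of advisory parameters whose decoded value carries markup."""
    parts = urlsplit(request_target)
    watched = REFLECTED.get(parts.path, set())
    hits = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name not in watched:
            continue
        # parse_qsl decoded once; decode again to catch double encoding (%253C).
        decoded = unquote_plus(value)
        if MARKUP & set(value) or MARKUP & set(decoded):
            hits.add(name)
    return sorted(hits)

def scan(log_lines):
    """Yield (client, target, params) for log lines hitting a listed parameter."""
    for line in log_lines:
        try:
            client = line.split(" ", 1)[0]
            _method, target, _proto = line.split('"')[1].split(" ", 2)
        except (IndexError, ValueError):
            continue  # malformed line, skip it
        params = suspicious_params(target)
        if params:
            yield client, target, params

# Constructed sample lines (not real traffic).
SAMPLE = [
    '192.0.2.10 - - [14/Dec/2001:21:31:02 +0000] "GET /user.php?op=userinfo&uname=alice HTTP/1.0" 200 5120',
    '192.0.2.44 - - [14/Dec/2001:21:31:09 +0000] "GET /user.php?op=userinfo&uname=%3Cb%3Ex%3C%2Fb%3E HTTP/1.0" 200 5133',
    '192.0.2.44 - - [14/Dec/2001:21:31:15 +0000] "GET /modules.php?name=Downloads&d_op=ratedownload&lid=118&ttitle=%253Ci%253E HTTP/1.0" 200 4870',
    '192.0.2.10 - - [14/Dec/2001:21:31:20 +0000] "GET /modules.php?op=modload&name=Members_List&file=index&letter=A HTTP/1.0" 200 9001',
]

if __name__ == "__main__":
    for client, target, params in scan(SAMPLE):
        print(client, params, target)
```

Values submitted by POST (for example the `submit.php` preview form) do not appear in access logs, so this covers only the GET forms shown in the post.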


