Computer Security

Security Advisory: Phpnuke Cross site scripting vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Crossite scripting in PHPNuke/PostNUKE

  More Cross site Scripting in PHPNuke

  Security bugs in PhpNuke

  PHP-Nuke 5.5 , Phortail 1.2.1 , Avotravis 2.1

  CSS in PHPNuke add-on

From:acz [iSecureLabs] <aurelien.cabezon_(at)_iSecureLabs.com>
Date:03.12.2001
Subject:Phpnuke Cross site scripting vulnerability

Hi nuke webmasters,

Phpnuke cross site scripting vulnerability
Affected version : 5.3.1 and prior perhaps other...perhaps all
PostNuke affected too.

No more explanation, it is enough with cross site scripting...i'm bored with
CSS vuln ;)
http://www.phpnuke.org/user.php?op=userinfo&uname=<script>alert(doc
ument.coo
kie);</script>

This is an other way to stole cookies as i explain in my previous post but
without using IE 5.5 vulnerability.
http://www.isecurelabs.com/article.php?sid=230

regards,

---
Cabezon Aurélien
http://www.iSecureLabs.com

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Ðåéòèíã@Mail.ru