Computer Security

Security Advisory: PHPNuke 5 Cross Scripting
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Crossite scripting in PHPNuke/PostNUKE

  More Cross site Scripting in PHPNuke

  Security bugs in PhpNuke

  PHP-Nuke 5.5 , Phortail 1.2.1 , Avotravis 2.1

  CSS in PHPNuke add-on

From:Replugge [Rod] <replugge_(at)_alcoholico.org>
Date:20.12.2001
Subject:PHPNuke 5 Cross Scripting

This is a forward of frog-m@n posting to Vuln-Dev.


Here a few holes that i've found in PHPNuke.
    5 "Cross Site Scripting".

    http://phpnuke.org/modules.php?
    name=Downloads&d_op=viewdownloaddetails&lid=0
    2&ttitle=[JAVASCRIPT]

    http://phpnuke.org/modules.php?
    name=Downloads&d_op=ratedownload&lid=118&ttitle
    =[JAVASCRIPT]

    http://phpnuke.org/modules.php?
    op=modload&name=Members_List&file=index&letter
    =[JAVASCRIPT]

    http://phpnuke.org/submit.php?subject=
    [JAVASCRIPT]&story=[JAVASCRIPT]&storyext=
    [JAVASCRIPT]&op=Preview

    http://phpnuke.org/user.php?op=userinfo&uname=
    [JAVASCRIPT]


    and /admin.php?upload=Go! who's the same that
    upload=1 .

    frog-m@n

--
/*
Rodrigo Gutierrez <rodrigo@trustix.com>
Trustix AS - http://www.trustix.com
*/

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru