[23366] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Phpnuke Cross site scripting vulnerability

daemon@ATHENA.MIT.EDU (=?iso-8859-1?Q?Cabezon_Aur=E9lien?)
Sun Dec 2 23:54:07 2001

Message-ID: <069b01c17b93$13610960$1a5680d9@London>
From: =?iso-8859-1?Q?Cabezon_Aur=E9lien?= <aurelien.cabezon@isecurelabs.com>
To: <bugtraq@securityfocus.com>
Cc: <fburzi@ncc.org.ve>
Date: Mon, 3 Dec 2001 01:40:13 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

Hi nuke webmasters,

Phpnuke cross site scripting vulnerability
Affected version : 5.3.1 and prior perhaps other...perhaps all
PostNuke affected too.

No more explanation, it is enough with cross site scripting...i'm bored with
CSS vuln ;)
http://www.phpnuke.org/user.php?op=userinfo&uname=<script>alert(document.coo
kie);</script>

This is an other way to stole cookies as i explain in my previous post but
without using IE 5.5 vulnerability.
http://www.isecurelabs.com/article.php?sid=230

regards,

---
Cabezon Aurélien
http://www.iSecureLabs.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[23366] in bugtraq

Phpnuke Cross site scripting vulnerability

daemon@ATHENA.MIT.EDU (=?iso-8859-1?Q?Cabezon_Aur=E9lien?)Sun Dec 2 23:54:07 2001

daemon@ATHENA.MIT.EDU (=?iso-8859-1?Q?Cabezon_Aur=E9lien?)
Sun Dec 2 23:54:07 2001