[23560] in bugtraq
PHPNuke 5 Cross Scripting
daemon@ATHENA.MIT.EDU (Replugge [Rod])
Wed Dec 19 16:01:46 2001
From: "Replugge [Rod]" <replugge@alcoholico.org>
To: bugtraq@securityfocus.com
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Date: 17 Dec 2001 13:30:38 +0100
Message-Id: <1008592238.32423.38.camel@puma.trustix.com>
Mime-Version: 1.0
This is a forward of frog-m@n's posting to Vuln-Dev.
Here are a few holes that I've found in PHPNuke.
5 "Cross Site Scripting".
http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=[JAVASCRIPT]
http://phpnuke.org/modules.php?name=Downloads&d_op=ratedownload&lid=118&ttitle=[JAVASCRIPT]
http://phpnuke.org/modules.php?op=modload&name=Members_List&file=index&letter=[JAVASCRIPT]
http://phpnuke.org/submit.php?subject=[JAVASCRIPT]&story=[JAVASCRIPT]&storyext=[JAVASCRIPT]&op=Preview
http://phpnuke.org/user.php?op=userinfo&uname=[JAVASCRIPT]
and /admin.php?upload=Go!, which is the same as upload=1.
frog-m@n
--
/*
Rodrigo Gutierrez <rodrigo@trustix.com>
Trustix AS - http://www.trustix.com
*/
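
A log check for the parameters listed in the message above, as an added example that is not part of the original posting or of PHPNuke: it flags access-log requests where one of the reported parameters (ttitle, letter, subject, story, storyext, uname) carries markup once percent-decoded. The log format, the markup heuristic and the sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> parameters the advisory reports as reflected into the page.
REFLECTED = {
    "modules.php": {"ttitle", "letter"},
    "submit.php": {"subject", "story", "storyext"},
    "user.php": {"uname"},
}
# Heuristic (assumption): a decoded value holding a tag opener, an inline
# event-handler attribute or a javascript: URI counts as markup.
MARKUP = re.compile(r"<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:", re.I)
# Request line of a common/combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return (script, sorted advisory parameters whose decoded value has markup)."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]  # tolerate subdirectory installs
    watched = REFLECTED.get(script, set())
    # parse_qsl percent-decodes, so %3Cscript%3E is matched as <script>.
    hits = {k for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k in watched and MARKUP.search(v)}
    return script, sorted(hits)

def scan(lines):
    """Return (line number, script, parameters) for each flagged log line."""
    found = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        script, hits = suspicious_params(match.group(1))
        if hits:
            found.append((number, script, hits))
    return found

# Constructed sample entries (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Dec/2001:10:00:01 +0000] "GET /modules.php?name=Downloads&d_op=viewdownloaddetails&lid=2&ttitle=Some+File HTTP/1.0" 200 5120',
    '192.0.2.77 - - [19/Dec/2001:10:02:13 +0000] "GET /modules.php?name=Downloads&d_op=ratedownload&lid=118&ttitle=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.0" 200 4312',
    '198.51.100.4 - - [19/Dec/2001:10:03:40 +0000] "GET /user.php?op=userinfo&uname=alice HTTP/1.0" 200 2210',
    '198.51.100.4 - - [19/Dec/2001:10:04:02 +0000] "GET /submit.php?subject=hi&story=%3Cb%3Ebold%3C%2Fb%3E&storyext=x&op=Preview HTTP/1.0" 200 3877',
    '203.0.113.9 - - [19/Dec/2001:10:05:55 +0000] "GET /index.php?ttitle=%3Cscript%3E HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Values submitted in a POST body do not appear in the access log, and double-encoded values are decoded only once, so a clean result here does not rule out attempts.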