[27173] in bugtraq


PHPNUKE 6 XSS Vulnerabilities

daemon@ATHENA.MIT.EDU (Mark Grimes)
Tue Sep 24 15:28:13 2002

Date: Tue, 24 Sep 2002 11:37:06 -0700
From: Mark Grimes <mark@stateful.net>
To: bugtraq@securityfocus.com
Message-ID: <20020924183706.GC27515@stateful.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

http://www.phpnuke.org/modules.php?name=Search

Enter: ><script>alert(document.cookie);</script>
in form, click Search.

Needless to say these bugs won't go away.

The vendor WOULD HAVE been contacted if they just gave an email address
without having to subscribe to nukesupport/phpnuke - maybe I don't use it.

Likewise the author of PHP-NUKE has a submission form for bug reporting
(buried in a FAQ for unsubscribed people -- why do I need to dig for a
contact address?), but that also has an XSS vulnerability - *SIGH*
Neither HTML nor plain text will do through the submission form without the
javascript being executed or stripped.  Instead of implying &gt's and
&lt's in an email, I am posting here.

-- 
Mark Grimes <mark@stateful.net>
Stateful Labs
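
The pattern behind this report, as an added example that is not part of the original post and is not PHP-Nuke source: a search page that echoes the submitted term back into its HTML, shown unescaped and then with output encoding. The function names, the markup and the unquoted `value` attribute are assumptions made for illustration.

```php
<?php
// Added illustration; NOT PHP-Nuke code. All names and markup are hypothetical.

// Constructed sample input: the string quoted in the report above.
$query = '><script>alert(document.cookie);</script>';

// Vulnerable pattern: request data is concatenated into the page unchanged.
// The leading ">" ends the <input> tag, so the remainder is parsed as markup.
function render_search_unsafe(string $q): string
{
    return '<input type="text" name="query" value=' . $q . '>'
         . '<p>Results for: ' . $q . '</p>';
}

// Output encoding for HTML text and quoted-attribute contexts.
// ENT_QUOTES also encodes ' and ", so the value cannot leave a quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: encode at output time and always quote attribute values.
function render_search_safe(string $q): string
{
    return '<input type="text" name="query" value="' . h($q) . '">'
         . '<p>Results for: ' . h($q) . '</p>';
}

// Regression-test helper: does a raw <script tag survive in the rendered HTML?
function contains_raw_script(string $html): bool
{
    return stripos($html, '<script') !== false;
}

$unsafe = render_search_unsafe($query);
$safe   = render_search_safe($query);

echo $unsafe, "\n";
echo $safe, "\n";
var_dump(contains_raw_script($unsafe));
var_dump(contains_raw_script($safe));
```

Marking the session cookie HttpOnly limits what a script like the one in the report can read through document.cookie, but it does not remove the injection; the output encoding does.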
