Phpnuke Cross site scripting vulnerability

From: Cabezon Aurélien (aurelien.cabezonat_private)
Date: Sun Dec 02 2001 - 16:40:13 PST

Next message: jamie rishaw: "Re: UUCP"

Previous message: David Walker: "Re: def-2001-32 - Allaire JRun directory browsing vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi nuke webmasters,

Phpnuke cross site scripting vulnerability
Affected version : 5.3.1 and prior perhaps other...perhaps all
PostNuke affected too.

No more explanation, it is enough with cross site scripting...i'm bored with
CSS vuln ;)
http://www.phpnuke.org/user.php?op=userinfo&uname=>alert(document.coo
kie);</script>

This is an other way to stole cookies as i explain in my previous post but
without using IE 5.5 vulnerability.
http://www.isecurelabs.com/article.php?sid=230

regards,

---
Cabezon Aurélien
http://www.iSecureLabs.com

Next message: jamie rishaw: "Re: UUCP"
Previous message: David Walker: "Re: def-2001-32 - Allaire JRun directory browsing vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Dec 03 2001 - 08:46:32 PST