PHPNuke holes

From: frog frog (leseulfrogat_private)
Date: Fri Dec 14 2001 - 17:47:27 PST

    Here are a few holes that I've found in PHPNuke.
    5 Cross Site Scripting.
    
    http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=[JAVASCRIPT]
    
    http://phpnuke.org/modules.php?name=Downloads&d_op=ratedownload&lid=118&ttitle=[JAVASCRIPT]
    
    http://phpnuke.org/modules.php?op=modload&name=Members_List&file=index&letter=[JAVASCRIPT]
    
    http://phpnuke.org/submit.php?subject=[JAVASCRIPT]&story=[JAVASCRIPT]&storyext=[JAVASCRIPT]&op=Preview
    
    http://phpnuke.org/user.php?op=userinfo&uname=[JAVASCRIPT] ==> This hole was not found by Aurelien Cabezon.
    
    
    and /admin.php?upload=Go! which is the same as upload=1.
    
    frog-man
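
For anyone reviewing web server logs for use of the parameters listed in the post, the following added example (not part of the original message) flags requests that carry angle brackets in those parameters after URL decoding. The log format, the web-root install path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script paths and parameters named in the post (assumes a web-root install).
REFLECTED_PARAMS = {
    "/modules.php": {"ttitle", "letter"},
    "/submit.php": {"subject", "story", "storyext"},
    "/user.php": {"uname"},
}
# Angle brackets left after URL decoding mean markup was sent in the value.
MARKUP = re.compile(r"[<>]")
# Request line of a common/combined log format entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(log_line):
    """Return sorted (path, param) pairs in one log line that carry markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    watched = REFLECTED_PARAMS.get(url.path, set())
    hits = set()
    # parse_qsl percent-decodes names and values, so %3C is seen as "<".
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in watched and MARKUP.search(value):
            hits.add((url.path, name))
    return sorted(hits)


def scan(lines):
    """Map 1-based line number -> hits, for lines with at least one hit."""
    report = {}
    for number, line in enumerate(lines, 1):
        hits = suspicious_params(line)
        if hits:
            report[number] = hits
    return report


# Constructed sample entries (not real traffic); 192.0.2.0/24 is a documentation range.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Dec/2001:17:00:01 -0800] "GET /modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=Some+File HTTP/1.0" 200 5120',
    '192.0.2.11 - - [14/Dec/2001:17:00:05 -0800] "GET /user.php?op=userinfo&uname=%3Cb%3Ex%3C%2Fb%3E HTTP/1.0" 200 4301',
    '192.0.2.12 - - [14/Dec/2001:17:00:09 -0800] "GET /submit.php?subject=Hello&story=%3Ci%3Etest%3C/i%3E&storyext=plain&op=Preview HTTP/1.0" 200 6020',
    '192.0.2.13 - - [14/Dec/2001:17:00:12 -0800] "GET /index.php?q=%3Cb%3E HTTP/1.0" 200 900',
]
```

Values submitted by POST do not appear in access logs, so this only covers requests made with the query string, as in the URLs above.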
    


