Re: More Cross site Scripting in PHPNuke

From: chkumite chkumite (chkumiteat_private)
Date: Wed Apr 24 2002 - 06:07:24 PDT

Next message: Chris Deibler: "Fragroute and ISS (NetworkICE) products: a brief analysis"

Previous message: Rich Lafferty: "Re: Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses"
Maybe in reply to: Replugge [ROD]: "More Cross site Scripting in PHPNuke"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>Subject: More Cross site Scripting in PHPNuke
>Date: 23 Apr 2002 09:50:48 +0200
>
>Cross site scripting is a serious problem, (even if some people
>doesn't believe it), On this second round i'll show 8 new XSS
>vulnerabilities in PHP Nuke (most of them are also path disclosure
>vulns)

u can do other thing but it isn't exploitable :(
a local hack:

In the search input, you write: "><h1><marquee>Hacked by 
Shaolinn</marquee></h1><"

The php file request the input, and finally write the html page something 
like this:

<input type="text" name="search" value="$search_input_requested">

then when i write ">anyhtmlthing<" i am injecting html.

really this have not any utility :) but, you can learn how injection works.


-- Shaolinn --

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.

Next message: Chris Deibler: "Fragroute and ISS (NetworkICE) products: a brief analysis"
Previous message: Rich Lafferty: "Re: Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses"
Maybe in reply to: Replugge [ROD]: "More Cross site Scripting in PHPNuke"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Apr 25 2002 - 22:12:28 PDT