Yet another XSS vulnerability in PHP NUKE

From: ersatzat_private
Date: Thu Sep 26 2002 - 16:54:51 PDT

    Tested ON:                  
    PHP-Nuke 6.0                 
    Netscape 7.0                 
    Internet Explorer 5.5   
    Mozilla - unknown version partially tested    
    ----------------------------------------------
    Description:
    
    There is yet another XSS vulnerability in PHP-Nuke 6.0
    [possibly older versions as well]. The vulnerability
    lies in the Web Links search field. I have tested this
    using two scripts. The first one we will discuss is
    "<Img src="http://www.ersatz-crew.org/test.gif">" 
    [where test.gif is just a gif on my site] and the
    second one is 
    "<script>alert('Testing')</script>"
     
    -----------------------------------------------
    
    "<Img src="http://www.ersatz-crew.org/test.gif">" 
    
    To complete this exploit all you have to do is put the
    above script in the search field of the web links section.
    
    Netscape 7.0 - 
    
    This will not show the .gif but it does cause the links
    below for Alta Vista, HotBot and others to show some
    source of the link as part of the link making the page
    look odd.
    
    Internet Explorer 5.5
    
    Pretty much same result except will show an image of an
    invalid picture [i.e. box with red x through it ]
    
    Mozilla -
    With Mozilla it will actually show the .gif
    
    
    -------------------------------------------------------
    
    "<script>alert('Testing')</script>"
    
    To complete this exploit all you have to do is put the
    above script in the search field of the web links section.
    
    Netscape 7.0
    
    Will cause a pop up box saying testing to come up.
    Takes at least 6 or 7 clicks of ok to get this to go
    away. Also shows the source to the links as well
    
    Internet Explorer 5.5
    
    Also brings the Testing box up but one click and it
    will stay away. This also will make the links appear in
    source code.
    
    Mozilla -
    This script was not tested on Mozilla but I expect will
    be the same result.
    
    ------------------
    Thanks:
    Thanks to C0llisi0n for helping me test this.
    
    ------------------
    Vulnerability brought to you by ersatz
    (ersatzat_private)
    http://www.unixhideout.com
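
The report above describes search input being reflected into the results page unescaped, with the links to other search engines below it breaking as well. As an added example (not PHP-Nuke's code and not part of the original post), this PHP sketch contrasts that pattern with per-context output encoding, run over the post's two test strings (the second with the archive's HTML entities decoded); the function names and the search.example URL are assumptions.

```php
<?php
// Added illustration; not PHP-Nuke source. Function names and the
// search.example URL are hypothetical.

// Vulnerable pattern: the raw query is echoed into HTML text and into an href.
function render_vulnerable(string $query): string {
    return "<p>Results for: $query</p>\n"
         . "<a href=\"https://search.example/?q=$query\">Try $query elsewhere</a>\n";
}

// Hardened pattern: encode separately for each output context.
function render_hardened(string $query): string {
    // HTML text context: neutralise <, >, &, " and '.
    $text = htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // URL parameter inside an attribute: percent-encode, then HTML-encode.
    $href = htmlspecialchars(
        'https://search.example/?q=' . rawurlencode($query),
        ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>Results for: $text</p>\n"
         . "<a href=\"$href\">Try $text elsewhere</a>\n";
}

// True when neither tag from the test strings survives as live markup.
function is_inert(string $html): bool {
    return stripos($html, '<img') === false
        && stripos($html, '<script') === false;
}

// The two test strings quoted in the post.
$inputs = [
    '<Img src="http://www.ersatz-crew.org/test.gif">',
    "<script>alert('Testing')</script>",
];

foreach ($inputs as $q) {
    foreach (['render_vulnerable', 'render_hardened'] as $fn) {
        $out = $fn($q);
        printf("%-18s inert=%s\n%s\n", $fn, is_inert($out) ? 'yes' : 'no', $out);
    }
}
```

In the vulnerable output the double quote in the first test string also closes the href attribute early, which is consistent with the link source spilling into the page as the post describes.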
    


