CSS in DMOZGateway ( php-nuke )

From: frog frog (leseulfrogat_private)
Date: Sun Dec 16 2001 - 02:48:25 PST

Next message: centipede: "Weird Scan"

Previous message: frog frog: "Serious bug in IMessenger ( php-nuke )"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) New hole in an phpnuke addon. The concerned addon is DMOZGateway. He allows to search on the web via the dmoz.org site. The addon's url is th following one : /modules.php? op=modload&name=DMOZGateway&file=index The cross site scripting hole is : /modules.php? op=modload&name=DMOZGateway&file=index&topic =<sc*ript>alert(document.domain) </sc*ript><sc*ript>alert(/test/)</sc*ript> (without the '*') frog-m@n

Next message: centipede: "Weird Scan"
Previous message: frog frog: "Serious bug in IMessenger ( php-nuke )"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Dec 16 2001 - 10:03:42 PST