Bugtraq mailing list archives
PHPNuke "Your Account" XSS Vulnerability
From: "Ferruh Mavituna" <ferruh () mavituna com>
Date: Sun, 11 May 2003 18:28:59 +0300
------------------------------------------------------ PHPNuke "Your Account" XSS Vulnerability ------------------------------------------------------ ------------------------------------------------------ Vulnerable; ------------------------------------------------------ Francisco Burzi PHP-Nuke 6.5 Final Release ------------------------------------------------------ Not tested but %90 vulnerable; ------------------------------------------------------ Francisco Burzi PHP-Nuke 5.6 Francisco Burzi PHP-Nuke 6.0 Francisco Burzi PHP-Nuke 6.5 RC3 Francisco Burzi PHP-Nuke 6.5 RC2 Francisco Burzi PHP-Nuke 6.5 RC1 Francisco Burzi PHP-Nuke 6.5 ------------------------------------------------------ About PHPNuke; ------------------------------------------------------ PHP Based Content Management System http://www.phpnuke.org ------------------------------------------------------ Solution; ------------------------------------------------------ Simple string check or user check should be OK ! ------------------------------------------------------ Exploit; ------------------------------------------------------ http://[victim]/modules.php?name=Your_Account&op=userinfo&username=bla<script>alert(document.cookie)</script> *You may need to login first. **Some of servers/PHP Nuke Systems has a security check for "<script>" strings for Querystrings or POST variables (ie. www.phphnuke.org). But this systems are still vulnerable. You can skip these controls with some JS tricks. Ferruh Mavituna Freelance Developer & Designer http://ferruh.mavituna.com ferruh () mavituna com
Current thread:
- PHPNuke "Your Account" XSS Vulnerability Ferruh Mavituna (May 13)