Bugtraq mailing list archives

PHPNuke 5 Cross Scripting


From: "Replugge [Rod]" <replugge () alcoholico org>
Date: 17 Dec 2001 13:30:38 +0100

This is a forward of frog-m@n's posting to Vuln-Dev.


Here are a few holes that I've found in PHPNuke.
     5 "Cross Site Scripting".

     http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=[JAVASCRIPT]

     http://phpnuke.org/modules.php?name=Downloads&d_op=ratedownload&lid=118&ttitle=[JAVASCRIPT]

     http://phpnuke.org/modules.php?op=modload&name=Members_List&file=index&letter=[JAVASCRIPT]

     http://phpnuke.org/submit.php?subject=[JAVASCRIPT]&story=[JAVASCRIPT]&storyext=[JAVASCRIPT]&op=Preview

     http://phpnuke.org/user.php?op=userinfo&uname=[JAVASCRIPT]


     and /admin.php?upload=Go!, which is the same as upload=1.

     frog-m@n

--
/* 
Rodrigo Gutierrez <rodrigo () trustix com>
Trustix AS - http://www.trustix.com 
*/
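
Added example, not part of the original post or of PHPNuke: a log check that flags requests carrying markup in the parameters listed above (ttitle, letter, subject, story, storyext, uname). The function names, the markup heuristic and the sample log lines are assumptions made for illustration; only query-string parameters are visible in an access log, so POST bodies are not covered.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Script name -> parameters the post reports as reflected into the page.
REFLECTED = {
    "modules.php": {"ttitle", "letter"},
    "submit.php": {"subject", "story", "storyext"},
    "user.php": {"uname"},
}
# Heuristic for HTML/script markup in a decoded value (assumption; tune locally).
MARKUP = re.compile(r"<\s*[a-z/!]|javascript\s*:|\bon[a-z]+\s*=", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode(value, rounds=3):
    """Undo nested percent-encoding so that %253C is seen as '<'."""
    for _ in range(rounds):
        nxt = unquote_plus(value)
        if nxt == value:
            break
        value = nxt
    return value

def suspicious_params(log_line):
    """Return sorted (script, param) pairs whose value looks like markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1]  # match regardless of install directory
    watched = REFLECTED.get(script, set())
    hits = set()
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in watched and MARKUP.search(decode(value)):
            hits.add((script, name))
    return sorted(hits)

# Constructed sample log lines (not from the original post).
SAMPLE = [
    '192.0.2.10 - - [17/Dec/2001:13:00:01 +0100] "GET /user.php?op=userinfo&uname=alice HTTP/1.0" 200 5120',
    '192.0.2.11 - - [17/Dec/2001:13:00:05 +0100] "GET /user.php?op=userinfo&uname=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.0" 200 5200',
    '192.0.2.12 - - [17/Dec/2001:13:00:09 +0100] "GET /modules.php?name=Downloads&d_op=ratedownload&lid=118&ttitle=%253Cscript%253Ex%253C%252Fscript%253E HTTP/1.0" 200 4100',
    '192.0.2.13 - - [17/Dec/2001:13:00:12 +0100] "GET /modules.php?name=Downloads&d_op=ratedownload&lid=118&ttitle=Nuke+Themes HTTP/1.0" 200 4100',
]

if __name__ == "__main__":
    for line in SAMPLE:
        for script, param in suspicious_params(line):
            print(f"possible XSS probe: {script} param={param}")
```

A hit only says that markup reached one of the reflected parameters; whether it was rendered unescaped depends on the installed PHPNuke version.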

