Bugtraq mailing list archives
Re: More Cross site Scripting in PHPNuke
From: "chkumite chkumite" <chkumite () hotmail com>
Date: Wed, 24 Apr 2002 13:07:24 +0000
Subject: More Cross site Scripting in PHPNuke Date: 23 Apr 2002 09:50:48 +0200 Cross site scripting is a serious problem, (even if some people doesn't believe it), On this second round i'll show 8 new XSS vulnerabilities in PHP Nuke (most of them are also path disclosure vulns)
u can do other thing but it isn't exploitable :( a local hack:In the search input, you write: "><h1><marquee>Hacked by Shaolinn</marquee></h1><"
The php file request the input, and finally write the html page something like this:
<input type="text" name="search" value="$search_input_requested"> then when i write ">anyhtmlthing<" i am injecting html. really this have not any utility :) but, you can learn how injection works. -- Shaolinn -- _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
Current thread:
- More Cross site Scripting in PHPNuke Replugge [ROD] (Apr 23)
- <Possible follow-ups>
- Re: More Cross site Scripting in PHPNuke chkumite chkumite (Apr 25)