Full Disclosure mailing list archives
Re: Php Nuke POST XSS on steroids
From: ascii <ascii () katamail com>
Date: Mon, 12 Mar 2007 00:10:47 +0100
Paul Laudanski wrote:
I tried both your scripts at a few locations, and all I get back is this
[cut] hi Paul, long time from ccc : ) it happens because http headers must be on a single line, it's a formatting issue (my fault, i used to put a link to a plain text version but this time i forgot about it), i've just created a txt version of the advisory available here: http://phpfi.com/214668 it should be more usable, i dunno when the demos will stop working on phpnuke.org so i've asked wisec to upload this video since www.ush.it has bandwidth issues http://www.wisec.it/ush/phpnukexss.html obviously to bypass the anti-CSRF filter you have to mix the XSS with the import_request_variables() trick (this doesn't work on phpnuke.org because they have globals on, this is why i choose that domain) consider that import_request_variables() will allows you to do much more than an XSS, this is just an example advisory on an example product See you, Francesco `ascii` Ongaro http://www.ush.it/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Php Nuke POST XSS on steroids ascii (Mar 09)
- Re: Php Nuke POST XSS on steroids Paul Laudanski (Mar 11)
- Re: Php Nuke POST XSS on steroids ascii (Mar 11)
- Re: Php Nuke POST XSS on steroids Paul Laudanski (Mar 13)
- Re: Php Nuke POST XSS on steroids Paul Laudanski (Mar 13)
- Re: Php Nuke POST XSS on steroids ascii (Mar 11)
- Re: Php Nuke POST XSS on steroids Paul Laudanski (Mar 11)