Vulnerability Development mailing list archives

Re: Phpnuke Cross site scripting vulnerability (patch)


From: supergate () twlc net
Date: Sun, 9 Dec 2001 14:54:09 +0100

Patch for the following advisory:
http://www.isecurelabs.com/article.php?sid=230

Hi nuke webmasters,

Phpnuke cross site scripting vulnerability
Affected version : 5.3.1 and prior perhaps other...perhaps all
PostNuke affected too.

No more explanation, it is enough with cross site scripting...i'm bored with
CSS vuln ;)
http://www.phpnuke.org/user.php?op=userinfo&uname=<script>alert(document.cookie);</script>

Available here:
http://www.twlc.net/download.php?op=getit&lid=122

postnuke users (tested on rogue 0.70): rename postnuke.php into user.php and upload it replacing the old one in modules/NS-User directory
phpnuke users (5.31): rename phpnuke531.php into user.php and upload it replacing the old one
phpnuke users (5.2): rename phpnuke52.php into user.php and upload it replacing the old one

notice that all the patches are tested and work.

--
the postnuke patch consists in adding this string after global variables in modules/NS-User/user.php in function user_user_userinfo.
if you have a version of postnuke prior to 0.7 you may try this trick.

$var['uname'] = strip_tags($var['uname']);

kain
--
if the version of php nuke you are running isn't listed write the patch on your own! it's simple, just find the function userinfo (in user.php located in the root dir) and add after the global variables:

$uname = strip_tags($uname);

supergate
--

peace.

supergate, shockzor, kain

http://www.twlc.net
http://www.kuht.it
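
Added example (not part of the original post, and not PHP-Nuke or PostNuke code): a small PHP check that compares the strip_tags() fix from the post with htmlspecialchars() output encoding. The function names, the output template and the "quoted" sample are assumptions made for illustration.

```php
<?php
// Added example, not PHP-Nuke or PostNuke code. render_* are hypothetical
// stand-ins for the part of userinfo() that prints $uname into the page.

// The fix from the post: remove tags, then print the value as it is.
function render_patched(string $uname): string {
    $uname = strip_tags($uname);
    return "<b>User info for: $uname</b>";
}

// Output encoding: keep the input, encode it for HTML at print time.
function render_encoded(string $uname): string {
    $safe = htmlspecialchars($uname, ENT_QUOTES, 'UTF-8');
    return "<b>User info for: $safe</b>";
}

// True if the printed value (between the fixed prefix and suffix of the
// assumed template) contains no raw markup or quote characters.
function value_is_inert(string $html): bool {
    $value = substr($html, strlen('<b>User info for: '), -strlen('</b>'));
    return strpbrk($value, '<>"\'') === false;
}

// Inputs: the payload is the one quoted in the post; the others are constructed.
$samples = [
    'plain name'           => 'supergate',
    'payload from post'    => '<script>alert(document.cookie);</script>',
    'quoted (constructed)' => 'kain "the admin"',
];

foreach ($samples as $label => $uname) {
    printf("%-22s strip_tags: %-6s htmlspecialchars: %s\n",
        $label,
        var_export(value_is_inert(render_patched($uname)), true),
        var_export(value_is_inert(render_encoded($uname)), true));
}
```

A false in the strip_tags column for the quoted sample means the value still needs encoding if the page prints uname inside an HTML attribute.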

