Message-ID: <007601c317d2$0cc90ee0$0b6aaec3@SS>
Date: Sun, 11 May 2003 18:28:59 +0300
From: "Ferruh Mavituna" <ferruh@...ituna.com>
To: <bugtraq@...urityfocus.com>
Subject: PHPNuke "Your Account" XSS Vulnerability


------------------------------------------------------
PHPNuke "Your Account" XSS Vulnerability
------------------------------------------------------

------------------------------------------------------
Vulnerable;
------------------------------------------------------
Francisco Burzi PHP-Nuke 6.5 Final Release

------------------------------------------------------
Not tested but 90% vulnerable;
------------------------------------------------------
Francisco Burzi PHP-Nuke 5.6
Francisco Burzi PHP-Nuke 6.0
Francisco Burzi PHP-Nuke 6.5 RC3
Francisco Burzi PHP-Nuke 6.5 RC2
Francisco Burzi PHP-Nuke 6.5 RC1
Francisco Burzi PHP-Nuke 6.5

------------------------------------------------------
About PHPNuke;
------------------------------------------------------
PHP Based Content Management System
http://www.phpnuke.org

------------------------------------------------------
Solution;
------------------------------------------------------
A simple string check or user check should be OK!

------------------------------------------------------
Exploit;
------------------------------------------------------
http://[victim]/modules.php?name=Your_Account&op=userinfo&username=bla<script>alert(document.cookie)</script>

*You may need to log in first.
**Some servers/PHP-Nuke systems have a security check for "<script>"
strings in query strings or POST variables (i.e. www.phpnuke.org). But these
systems are still vulnerable. You can skip these controls with some JS
tricks.


Ferruh Mavituna
Freelance Developer & Designer
http://ferruh.mavituna.com
ferruh@...ituna.com
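
The "string check or user check" suggested under Solution, sketched as an added example (not code from the original post or from PHP-Nuke): the `username` parameter is validated against an allowlist and HTML-encoded on output, rather than filtered for "<script>" strings. The function names, the allowed character set and the length limit are assumptions.

```php
<?php
// Added example, not PHP-Nuke source. All function names are hypothetical.

// "User check": accept only names that match a strict allowlist.
// The character set and the 1-25 length limit are assumptions for this sketch.
function is_valid_username(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_-]{1,25}\z/', $name) === 1;
}

// "String check" done as output encoding: the value is escaped at the point
// where it is written into HTML, so markup characters become inert text
// regardless of which tag or attribute they were meant to form.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Stand-in for the op=userinfo page of the Your_Account module.
function render_userinfo(string $username): string
{
    if (!is_valid_username($username)) {
        // The rejected value is never echoed back, not even in the error text.
        return '<p>No such user.</p>';
    }
    // Encode on output even after validation, so a later change to the
    // allowlist cannot silently reopen the hole.
    return '<h2>Profile: ' . h($username) . '</h2>';
}

// Constructed inputs: a normal name and the query-string value from the advisory.
$samples = ['ferruh', 'bla<script>alert(document.cookie)</script>'];

foreach ($samples as $s) {
    echo render_userinfo($s), "\n"; // page output with both checks applied
    echo h($s), "\n";               // what encoding alone does to the value
}
```

For the advisory's value, the page output is the generic error paragraph, and encoding alone yields `bla&lt;script&gt;alert(document.cookie)&lt;/script&gt;`, which the browser displays as text instead of executing.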


