
Bugtraq mailing list archives

Postnuke XSS fixed
From: Muhammad Faisal Rauf Danka <mfrd () attitudex com>
Date: Tue, 1 Oct 2002 21:10:21 -0700 (PDT)

On 26th Sep the following URL:

used to give Alert PopUp and 
DB Error: getArticles: 1064: You have an error in your SQL syntax near '=' at line 23

now it gives:
Sorry - $HTTP_GET_VARS contains javascript...

Prompt fix by the PostNuke team, great work. Keep it up! :)

Muhammad Faisal Rauf Danka

Head of GemSEC / Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk
Key Id: 0x784B0202
Key Fingerprint: 6F8C EDCF 6C6E 06A5 48D7 6A20 C592 484B 784B 0202

